RadiAnt DICOM Viewer Vulnerability Exposes Users to Man-in-the-Middle Attacks

A recently disclosed vulnerability in Medixant’s RadiAnt DICOM Viewer has raised concerns about security risks within the healthcare industry. Identified as CVE-2025-1001, the vulnerability is an improper certificate validation flaw that could allow attackers to deliver malicious updates to users of the software. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory outlining the risks associated with this vulnerability, the products affected, and suggested mitigation steps.

The vulnerability in the RadiAnt DICOM Viewer (Version 2024.02) stems from improper certificate validation: the update mechanism fails to verify the authenticity of the update server’s certificate. Exploiting this vulnerability could enable a man-in-the-middle (MITM) attack, in which an attacker manipulates network traffic and injects malicious updates delivered to unsuspecting users.
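The class of flaw described above can be checked for in an update client's TLS configuration. The following Python sketch is an added example, not Medixant's code: the function names are hypothetical and the URL in the usage is a placeholder. It contrasts a context that skips certificate validation with a hardened one and refuses to fetch updates through the former.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


def audit_tls_context(ctx):
    """Return the certificate-validation weaknesses found in a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    return findings


def weak_update_context():
    """The misconfiguration class: TLS is used, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # an on-path attacker's certificate passes
    return ctx


def hardened_update_context():
    """System trust store, chain verification and hostname matching all enabled."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def open_update_url(url, ctx, timeout=10):
    """Open an update URL only over HTTPS with a context that validates the server.

    Both checks run before any network I/O, so a weak configuration fails closed.
    """
    if urlsplit(url).scheme != "https":
        raise ValueError("update URL must use https")
    findings = audit_tls_context(ctx)
    if findings:
        raise ValueError("refusing update check: " + "; ".join(findings))
    return urllib.request.urlopen(url, context=ctx, timeout=timeout)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_update_context()),
                      ("hardened", hardened_update_context())):
        print(name, audit_tls_context(ctx) or "no findings")
```
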

With a CVSS v3.1 base score of 5.7 and a CVSS v4 score of 5.7, the vulnerability poses a medium-level risk. While the attack complexity is considered low, exploitation would require user interaction, meaning an attacker would need to deceive a user into initiating an update process.

The affected product, RadiAnt DICOM Viewer (Version 2024.02), is widely used in healthcare and public health sectors globally. Any security loophole in this software could have severe consequences, as attackers could tamper with updates to introduce harmful code into healthcare systems, jeopardizing patient data security and system integrity.

The vulnerability was reported by Sharon Brizinov of Claroty Team82 to CISA, following responsible disclosure practices. In response, Medixant has released an updated version of RadiAnt DICOM Viewer (v2025.1) and advises users to upgrade to this version promptly. For users unable to immediately update, temporary mitigation measures have been provided, including disabling update notifications, refraining from manual update checks, downloading updates solely from the official website, and verifying downloaded files with antivirus software.

In addition to Medixant’s recommendations, CISA has issued broader cybersecurity best practices to reduce the risk of exploitation, such as restricting network exposure, using firewalls to secure control system networks, securing remote access with VPNs, and conducting risk assessments before implementing defensive measures.

As attackers often employ social engineering tactics to exploit vulnerabilities, CISA suggests measures like avoiding clicking on unsolicited email links or attachments, familiarizing oneself with phishing tactics, and educating users on social engineering threats to mitigate risks.

Cybersecurity threats in the healthcare sector are constantly evolving, underscoring the importance of proactive security measures. Organizations must evaluate the security of their update mechanisms and remain vigilant against emerging vulnerabilities by implementing the latest software updates.

Overall, staying proactive in cybersecurity defense, adhering to best practices, and continuously updating software are crucial steps in safeguarding against unforeseen vulnerabilities like CVE-2025-1001 in Medixant’s RadiAnt DICOM Viewer.
