RadiAnt DICOM Viewer Flaw Exposes Users To MITM Attacks
A newly identified cybersecurity vulnerability in Medixant’s RadiAnt DICOM Viewer has raised concerns about potential security threats in the healthcare sector. The vulnerability, tracked as CVE-2025-1001, is linked to improper certificate validation, which could allow attackers to deliver malicious updates to users. The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory detailing the risks, affected products, and mitigation steps.
RadiAnt DICOM Viewer Vulnerability Overview
The vulnerability exists in RadiAnt DICOM Viewer (Version 2024.02) due to improper certificate validation (CWE-295). This flaw arises from the failure of the update mechanism to verify the authenticity of the update server’s certificate. If exploited, this vulnerability could enable a machine-in-the-middle (MITM) attack, allowing an attacker to manipulate network traffic and deliver a malicious update to unsuspecting users.
CVSS Score and Risk Level
The vulnerability has been assigned a CVSS v3.1 base score of 5.7, indicating a medium-level risk. The CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
A CVSS v4 score of 5.7 has also been calculated, with the vector string (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).
Although the attack complexity is low, exploitation requires user interaction, meaning an attacker would need to trick a user into initiating an update process.
Affected Products
The vulnerability specifically affects:
- RadiAnt DICOM Viewer: Version 2024.02
Potential Impact on Healthcare and Public Health Sectors
Medixant’s RadiAnt DICOM Viewer is widely used in the healthcare and public health sectors globally. Any security weakness in this software poses significant risks, as attackers could manipulate updates to inject malicious code into healthcare systems, potentially compromising patient data integrity and system security.
The vulnerability was identified and reported by Sharon Brizinov of Claroty Team82 to CISA. Following responsible disclosure practices, CISA has now issued an advisory to alert organizations using the affected software.
Mitigation Measures
To address this vulnerability, Medixant has released an updated version of RadiAnt DICOM Viewer (v2025.1) and strongly recommends users upgrade to this version as soon as possible.
For users unable to immediately upgrade, Medixant has provided the following temporary mitigation measures:
- Disable update notifications by running the following command:
reg add "HKCU\Software\RadiAnt Viewer" /t REG_DWORD /v CheckUpdate /d 0 /f
- Avoid manual update checks: Users should refrain from clicking “Check for updates now” in the toolbar menu.
- Download updates only from the official website: Users should manually download the latest version from RadiAnt Viewer’s official website.
- Verify downloaded files with antivirus software before installation to ensure they have not been tampered with.
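The registry mitigation above is written to HKCU, so it applies only to the user who runs the command. The following PowerShell audit is an added example, not Medixant's or CISA's code; it reports the CheckUpdate value for each user hive currently loaded under HKEY_USERS, and the status labels are names chosen here for illustration.

```powershell
# Added example: audit the CheckUpdate mitigation per loaded user hive.
# The registry path and value name are the ones given in the vendor mitigation.
$subKey    = 'Software\RadiAnt Viewer'
$valueName = 'CheckUpdate'

# Match per-user account SIDs only (skips .DEFAULT, service SIDs and *_Classes hives).
$sidPattern = '^S-1-5-21-\d+-\d+-\d+-\d+$'

$results = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    $sid = $hive.PSChildName
    if ($sid -notmatch $sidPattern) { continue }

    $keyPath = "Registry::HKEY_USERS\$sid\$subKey"
    $status  = 'KeyMissing'   # no RadiAnt settings key exists for this profile
    $value   = $null

    if (Test-Path -Path $keyPath) {
        $prop = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $status = 'ValueMissing'   # value never set; application default applies
        } else {
            $value  = $prop.$valueName
            $status = if ($value -eq 0) { 'Mitigated' } else { 'UpdateCheckEnabled' }
        }
    }

    [pscustomobject]@{
        Sid         = $sid
        CheckUpdate = $value
        Status      = $status
    }
}

$results | Format-Table -AutoSize

# Exit non-zero when a profile has the key but not the mitigation,
# so the script can gate a compliance or deployment job.
if ($results | Where-Object { $_.Status -in 'ValueMissing', 'UpdateCheckEnabled' }) { exit 1 }
```

Hives of users who are not logged on are not loaded and will not appear in the output; run the script elevated to read other users' hives.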
CISA’s Security Recommendations
In addition to Medixant’s mitigation measures, CISA has issued broader cybersecurity best practices to minimize the risk of exploitation:
- Restrict network exposure: Ensure control system devices are not accessible from the internet.
- Use firewalls: Secure control system networks and isolate them from business networks.
- Secure remote access: If remote access is required, use Virtual Private Networks (VPNs). However, organizations should ensure VPNs are updated and recognize that their security is only as strong as the devices connected to them.
- Perform risk assessments: Conduct thorough impact analysis and security assessments before implementing defensive measures.
Guidance on Avoiding Social Engineering Attacks
As attackers often use social engineering tactics to exploit vulnerabilities, CISA recommends users adopt the following security measures:
- Avoid clicking on unsolicited email links or attachments.
- Familiarize yourself with common phishing tactics by referring to resources like “Recognizing and Avoiding Email Scams.”
- Educate users on social engineering threats using materials such as “Avoiding Social Engineering and Phishing Attacks.”
Final Thoughts
Cybersecurity threats in healthcare continue to evolve, and vulnerabilities like CVE-2025-1001 highlight the need for proactive security measures. How well is your organization prepared to handle emerging cybersecurity threats? Have you evaluated whether your update mechanisms are fully secure? Staying ahead of vulnerabilities requires constant vigilance, strong security practices, and a commitment to implementing the latest software updates.