Detections
Analytics

RadiAnt DICOM Viewer (CVE-2025-1001)

medium Nessus Plugin ID 216941

Synopsis

The remote host is affected by a improper certificate validation vulnerability

Description

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM).
An attacker could modify the server's response and deliver a malicious update to the user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update to RadiAnt DICOM Viewer version 2025.1 or later

See Also

https://www.radiantviewer.com/c/security-advisory-cve-2025-1001/

Plugin Details

Severity: Medium

ID: 216941

File Name: radiant_dcom_viewer_cve-2025-1001.nasl

Version: 1.1

Type: local

Agent: windows

Family: Misc.

Published: 2/28/2025

Updated: 2/28/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2025-1001

CVSS v3

Risk Factor: Medium

Base Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: x-cpe:/a:medixant:radiantviewer

Required KB Items: installed_sw/RadiAnt DICOM Viewer

Patch Publication Date: 2/20/2025

Vulnerability Publication Date: 2/20/2025

Reference Information

CVE: CVE-2025-1001

IAVB: 2025-B-0032