CVE-2025-1002: 
MicroDicom DICOM Viewer vulnerability analysis and mitigation

MicroDicom DICOM Viewer version 2024.03 contains a certificate validation vulnerability identified as CVE-2025-1002. The vulnerability was discovered by Sharon Brizinov of Claroty Team82 and was publicly disclosed on February 6, 2025. This security flaw affects the DICOM Viewer software, which is deployed worldwide and primarily impacts the Healthcare and Public Health sector. The vendor, MicroDicom, is headquartered in Bulgaria (CISA Advisory).

The vulnerability is classified as an Improper Certificate Validation issue (CWE-295). It has been assigned a CVSS v3.1 base score of 5.7 with the vector string (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). Additionally, a CVSS v4 score of 5.7 has been calculated with the vector string (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N). The vulnerability is characterized by low attack complexity but requires an attacker to have a privileged network position (CISA Advisory).

If successfully exploited, this vulnerability could enable attackers to alter network traffic and perform machine-in-the-middle (MITM) attacks. Specifically, attackers could modify the server's response and deliver malicious updates to users. The vulnerability primarily affects the integrity of the system's update process (CISA Advisory).

MicroDicom has released version 2025.1 to address this vulnerability. CISA recommends several defensive measures including: minimizing network exposure for control system devices, ensuring systems are not accessible from the internet, locating control system networks behind firewalls, isolating them from business networks, and using secure methods like VPNs when remote access is required. Organizations are advised to perform proper impact analysis and risk assessment before implementing defensive measures (CISA Advisory).