PT-2025-6014 · Unknown · Microdicom Dicom Viewer

Sharon Brizinov · Published 2025-02-08 · Updated 2025-02-12 · CVE-2025-1002

CVSS v3.1: 5.7 (Medium)

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MicroDicom DICOM Viewer version 2024.03

Description

The issue arises from the software's failure to adequately verify the update server's certificate. This could allow attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack, enabling them to modify the server's response and deliver a malicious update to the user.

Recommendations

For MicroDicom DICOM Viewer version 2024.03, as a temporary workaround, consider disabling automatic updates until a patch is available. Restrict access to the update server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2025-1002

Affected Products

Microdicom Dicom Viewer