
A new day, a new menace for cyber defenders. A novel vulnerability in Medixant RadiAnt DICOM Viewer—a popular PACS DICOM viewer for medical imaging—allows hackers to execute machine-in-the-middle (MitM) attacks.
GitHub reports that by late 2024, an average of 115 CVEs were disclosed daily, with a 124% rise in cyberattacks exploiting vulnerabilities in Q3 2024. As a result, proactive detection of exploitations remains a top priority for cybersecurity teams worldwide.
To spot potential attacks against your organization on time, SOC Prime Platform for collective cyber defense curates a large set of Sigma rules aimed at detecting vulnerability exploitation. Explore Detections to drill down to a relevant stack of context-enriched detections backed by a complete product suite for automated threat hunting, AI-powered detection engineering, and intelligence-led threat detection. Checking our Sigma rules library with the “CVE” tag, you won’t miss evolving threats potentially challenging your business, as detections are added daily.
All the rules are compatible with multiple SIEM, EDR, and Data Lake solutions and are mapped to the MITRE ATT&CK framework to smooth out threat investigation. Additionally, detections are enriched with detailed metadata, including CTI references, attack timelines, triage recommendations, and more.
CVE-2025-1001 Analysis
Defenders uncovered a new vulnerability in the Medixant RadiAnt DICOM Viewer. Identified as CVE-2025-1001, this medium-severity flaw has a CVSS score of 5.7. CVE-2025-1001 affects all product versions before 2025.1 and arises from the update capability failing to verify the update server’s certificate. This flaw could be exploited in MitM attacks, giving threat actors the green light to intercept and manipulate the server’s response to distribute harmful updates to the user.
If hackers gain elevated privileges on a targeted system, they could impersonate the server and modify the update window’s content. This occurs if the user ignores a certificate name mismatch warning and confirms the fake update, which allows the download of a weaponized file. The download is handled through the Windows web browser, and the user must manually execute the file. In addition, security software would likely flag the file as hazardous.
There is currently no evidence of CVE-2025-1001 exploitation in the wild, but users should update to the latest version or apply mitigations if they cannot update immediately. The vendor has promptly resolved the issue and urges users to upgrade to product version v2025.1 or later. Users unable to install the update should implement precautions to block potential exploitation attempts. More specifically, to reduce the risk, users should prevent updates from being applied by disabling the display of available updates by running the specific command.
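To make the missing check concrete, here is an added Python example (not RadiAnt's code; the update hostname and the certificates are constructed placeholders) of what a hardened updater should do instead of leaving a name mismatch to a user prompt: it builds a TLS context with CA and hostname verification enforced, and implements the subjectAltName matching that turns a certificate issued for some other name into a hard failure.

```python
import ssl
from typing import Mapping

# Constructed placeholder: the real RadiAnt update host is not given on the page.
UPDATE_HOST = "updates.example.invalid"


def make_update_context() -> ssl.SSLContext:
    """TLS context a hardened updater should use: CA verification and hostname
    checking both enforced, so a name mismatch aborts the update instead of
    showing a warning the user can click through."""
    ctx = ssl.create_default_context()  # loads the system CA store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one subjectAltName DNS entry with the host
    the updater meant to reach. A wildcard is honoured only as the whole leftmost
    label and matches exactly one label: '*.example.invalid' covers
    'updates.example.invalid' but not 'example.invalid' or 'a.b.example.invalid'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False  # wildcard not leftmost, too broad (*.tld), or label count differs
    return p_labels[1:] == h_labels[1:]


def cert_issued_for_host(peercert: Mapping, hostname: str = UPDATE_HOST) -> bool:
    """Decide whether a peer certificate, in the dict shape returned by
    ssl.SSLSocket.getpeercert(), names `hostname`. Only DNS subjectAltName entries
    count; the legacy commonName is ignored, as modern clients do, so an attacker's
    certificate cannot pass by putting the update host into its CN."""
    dns_names = [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_dns_name_matches(name, hostname) for name in dns_names)


# Constructed certificates in getpeercert() form (no real certificates involved).
GENUINE_CERT = {"subjectAltName": (("DNS", "updates.example.invalid"),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.invalid"),)}
MITM_CERT = {  # valid only for the attacker's own name; a spoofed CN must not help
    "subject": ((("commonName", "updates.example.invalid"),),),
    "subjectAltName": (("DNS", "attacker.example.invalid"),),
}
```

Feeding each constructed certificate to `cert_issued_for_host` gives proceed, proceed, abort: the MITM certificate is rejected even though its CN names the update host.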
By leveraging SOC Prime Platform for collective cyber defense based on global threat intel, crowdsourcing, zero-trust, and AI, organizations can ensure they identify and address known and emerging CVEs in a timely fashion to risk-optimize their cybersecurity posture. With Attack Detective, SOC Prime’s enterprise-ready SaaS, organizations can improve threat visibility, address cyber defense blind spots in time, and elevate threat detection and hunting capability at scale to act faster than attackers.
The post CVE-2025-1001 Vulnerability in Medixant RadiAnt DICOM Viewer Enables Threat Actors to Perform Machine-in-the-Middle Attacks appeared first on SOC Prime.