Sign in
Security Advisory CVE-2025-1001
Overview
  • RadiAnt DICOM Viewer 2025.1 resolves a security vulnerability in the update check mechanism. Failure to install the patched version or apply the recommended remediations when using an older version may result in downloading a malicious file instead of a legitimate software installation package.
Vulnerability ID
  • CVE-2025-1001
Affected Product and Versions
  • RadiAnt DICOM Viewer
  • All versions before 2025.1
Description
  • An attacker with privileged network access could impersonate RadiAnt’s update server and modify the content displayed in the update check window. However, this is only possible if the user ignores the security alert warning about the certificate name mismatch and proceeds by clicking “Yes” despite the warning. If this occurs, the user may download a malicious file instead of a legitimate update.
  • The download itself is handled outside of RadiAnt (via the Windows web browser), and the downloaded file must be manually executed by the user. Consequently, the file would likely be detected and flagged as malicious by Microsoft Defender SmartScreen / Microsoft Defender Antivirus / other installed protection software.
CVSS Score
  • CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 5.7 MEDIUM
  • CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N 5.7 MEDIUM
Resolution
  • All users with an active subscription plan can download and install the patched version 2025.1 from the official website: Download RadiAnt DICOM Viewer 2025.1
  • Users with permanent licenses and expired support, or those on a subscription plan who prefer to stay on an older version, can mitigate the risk by following these precautions:
    • Do not proceed if a certificate security alert dialog appears. Click "No" when prompted.
    • Disable automatic update notifications using this command:
      reg add "HKCU\Software\RadiAnt Viewer" /t REG_DWORD /v CheckUpdate /d 0 /f
    • Avoid manually checking for updates ("Check for updates now" from the toolbar menu).
    • Ignore any content displayed in the update check window and close it immediately if it appears.
    • Avoid using untrusted networks, including public WiFi. Using your device on an untrusted network increases the chance of falling victim to a MITM attack.
Reporter
  • This vulnerability was discovered by Sharon Brizinov of Claroty Team82.
Disclosure Timeline
  • Date of First Vendor Contact Attempt: 2025-01-08
  • Date of Vendor Response: 2025-01-08
  • Date of Patch Release: 2025-01-16
  • Disclosure Date: 2025-02-20