HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Major security flaws identified in popular medical imaging software

Written by Lusanda Molefe | Feb 12, 2025 4:21:46 PM

Two significant vulnerabilities have been discovered in widely used medical imaging software, potentially exposing sensitive patient data. 


What happened

Security researchers have identified a critical vulnerability in Orthanc Server that could allow unauthorized access to medical imaging data. The flaw, tracked as CVE-2025-0896, receives a critical CVSS score of 9.8 and affects all versions prior to 1.5.8.

A separate vulnerability (CVE-2025-1002) affects MicroDicom DICOM Viewer version 2024.03. This medium-severity flaw could allow attackers to conduct man-in-the-middle attacks and potentially deliver malicious updates to users.


Why it matters

These vulnerabilities could enable attackers to view or modify sensitive patient imaging data or cause system disruptions. The Orthanc flaw stems from HTTP basic authentication being disabled by default when remote access is enabled, creating a significant security risk for healthcare organizations that expose the server beyond localhost.


What's being said

The National Institute of Standards and Technology (NIST) has listed the MicroDicom vulnerability (CVE-2025-1002) in its National Vulnerability Database as "awaiting analysis." According to ICS-CERT's assessment, documented in the NIST database, this vulnerability is categorized as an "Improper Certificate Validation" weakness (CWE-295).

The Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the low attack complexity of these vulnerabilities. Researcher Sharon Brizinov of Claroty Team82 reported the MicroDicom vulnerability to CISA, noting that attackers in privileged network positions could potentially alter network traffic and conduct machine-in-the-middle attacks.


The bottom line

Orthanc has released version 1.5.8 to address the critical vulnerability. As an immediate mitigation, users can enable HTTP authentication by setting "AuthenticationEnabled": true in their configuration files.

MicroDicom has fixed the vulnerability in version 2025.1 and recommends updating immediately to prevent exploitation.


FAQs

What immediate actions should healthcare organizations take?

For Orthanc Server users, update to version 1.5.8 or newer immediately. If updates aren't possible, enable HTTP authentication in the configuration file. MicroDicom DICOM Viewer users should upgrade to version 2025.1.


How can organizations verify if they're affected?

Check if you're running Orthanc Server versions prior to 1.5.8 or MicroDicom DICOM Viewer version 2024.03. These versions are vulnerable to the reported security flaws.
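To turn the version check above and the "AuthenticationEnabled" mitigation from "The bottom line" into something an administrator can run, here is an added Python example (not from the article, Orthanc or MicroDicom) that audits an Orthanc version string and a constructed configuration file. The key name "RemoteAccessAllowed" and the stripping of // comments are assumptions about Orthanc's JSON configuration format.

```python
import json
import re

# Versions named in the advisory: Orthanc fixed in 1.5.8; MicroDicom 2024.03 affected, 2025.1 fixed.
ORTHANC_FIXED = (1, 5, 8)
MICRODICOM_AFFECTED = "2024.03"

# Constructed sample configs (not real deployments). The first mirrors the risky
# situation in the advisory: remote access on, authentication left at its default.
WEAK_CONFIG = """{
  // comment lines like this are assumed to be permitted in Orthanc's JSON config
  "Name": "MyOrthanc",
  "RemoteAccessAllowed": true
}"""
FIXED_CONFIG = """{
  "Name": "MyOrthanc",
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": true
}"""

def parse_version(text):
    """'1.5.10' -> (1, 5, 10), so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def strip_comments(raw):
    """Drop // line comments before json.loads() (simplification: ignores '//' inside strings)."""
    return re.sub(r"//[^\n]*", "", raw)

def audit_orthanc(version, config_text):
    """Return findings for one Orthanc instance; an empty list means nothing to flag."""
    findings = []
    if parse_version(version) < ORTHANC_FIXED:
        findings.append(f"Orthanc {version} is prior to 1.5.8 (CVE-2025-0896): upgrade")
    cfg = json.loads(strip_comments(config_text))
    remote = cfg.get("RemoteAccessAllowed", False)   # assumed key name
    auth = cfg.get("AuthenticationEnabled")           # absent => default, i.e. disabled per advisory
    if remote and auth is not True:
        findings.append('remote access enabled without "AuthenticationEnabled": true: set it')
    return findings

def audit_microdicom(version):
    """Flag the single affected MicroDicom DICOM Viewer release named in the advisory."""
    if version == MICRODICOM_AFFECTED:
        return [f"MicroDicom {version} is affected (CVE-2025-1002): upgrade to 2025.1"]
    return []

if __name__ == "__main__":
    for f in audit_orthanc("1.5.7", WEAK_CONFIG) + audit_microdicom("2024.03"):
        print("FINDING:", f)
```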


What is a machine-in-the-middle (MITM) attack?

A MITM attack occurs when an attacker in a privileged network position intercepts communications between systems. In this case, the vulnerability could allow attackers to alter network traffic, modify the server's response, and deliver malicious updates to MicroDicom DICOM Viewer users.