CVE-2025-3480 is a vulnerability identified in the MedDream WEB DICOM Viewer, specifically in the version bundled with MedDream PACS Premium 7.3.3.840. The vulnerability is classified under CWE-522, which pertains to insufficiently protected credentials. The core issue arises from the cleartext transmission of user credentials via the Web Portal component of the application. Because the credentials are transmitted without encryption, network-adjacent attackers can intercept and disclose sensitive authentication information. Notably, exploitation does not require any authentication or user interaction, making it easier for attackers positioned on the same network segment or capable of intercepting traffic to capture credentials. The vulnerability has a CVSS 3.0 base score of 5.3, indicating a medium severity level. The vector details (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) show that the attack requires network adjacency and high attack complexity but no privileges or user interaction, with a high impact on confidentiality but no impact on integrity or availability. This vulnerability could lead to unauthorized access to sensitive medical imaging data or systems if attackers leverage the disclosed credentials. No known exploits are reported in the wild yet, and no patches have been linked at the time of publication. The vulnerability was initially reported under ZDI-CAN-25842 and publicly disclosed on May 22, 2025.

For European organizations, particularly healthcare providers and medical imaging centers using MedDream WEB DICOM Viewer, this vulnerability poses a significant risk to patient data confidentiality. Medical imaging data is highly sensitive and protected under regulations such as GDPR, which mandates strict controls on personal health information. The interception of credentials could allow attackers to gain unauthorized access to the DICOM viewer, potentially exposing patient images and related metadata. This could lead to privacy violations, regulatory penalties, and reputational damage. Furthermore, compromised credentials might be used as a foothold for lateral movement within healthcare networks, increasing the risk of broader data breaches or ransomware attacks. Given the critical nature of healthcare services, any disruption or data compromise could also indirectly affect patient care. The medium CVSS score reflects the requirement for network adjacency and high attack complexity, which somewhat limits the attack surface but does not eliminate the risk, especially in environments with insufficient network segmentation or unencrypted internal traffic.

To mitigate this vulnerability effectively, European healthcare organizations should immediately assess their deployment of MedDream WEB DICOM Viewer and verify if they are running the affected version (bundled with MedDream PACS Premium 7.3.3.840). Since no official patch is currently available, organizations should implement compensating controls: 1) Enforce network segmentation and isolate the DICOM viewer servers from general user networks to reduce the risk of network-adjacent attackers intercepting traffic. 2) Deploy network-level encryption such as VPNs or IPsec tunnels to protect internal traffic between clients and the DICOM viewer, ensuring credentials are not transmitted in cleartext. 3) Use network monitoring tools to detect unusual traffic patterns or potential credential interception attempts. 4) Implement strict access controls and multi-factor authentication (MFA) on systems that integrate with the DICOM viewer to limit the impact of compromised credentials. 5) Educate staff about the risks and encourage reporting of suspicious network activity. 6) Monitor vendor communications closely for patches or updates addressing this vulnerability and plan for prompt application once available. 7) Consider temporary use of alternative secure DICOM viewers if feasible until the vulnerability is remediated.