CVE-2025-3480: CWE-522: Insufficiently Protected Credentials in MedDream WEB DICOM Viewer
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.
AI Analysis
Technical Summary
CVE-2025-3480 is a vulnerability identified in the MedDream WEB DICOM Viewer, specifically in the version bundled with MedDream PACS Premium 7.3.3.840. The vulnerability is classified under CWE-522, which pertains to insufficiently protected credentials. The core issue arises from the cleartext transmission of user credentials via the Web Portal component of the application. Because the credentials are transmitted without encryption, network-adjacent attackers can intercept and disclose sensitive authentication information. Notably, exploitation does not require any authentication or user interaction, making it easier for attackers positioned on the same network segment or capable of intercepting traffic to capture credentials. The vulnerability has a CVSS 3.0 base score of 5.3, indicating a medium severity level. The vector details (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) show that the attack requires network adjacency and high attack complexity but no privileges or user interaction, with a high impact on confidentiality but no impact on integrity or availability. This vulnerability could lead to unauthorized access to sensitive medical imaging data or systems if attackers leverage the disclosed credentials. No known exploits are reported in the wild yet, and no patches have been linked at the time of publication. The vulnerability was initially reported under ZDI-CAN-25842 and publicly disclosed on May 22, 2025.
Potential Impact
For European organizations, particularly healthcare providers and medical imaging centers using MedDream WEB DICOM Viewer, this vulnerability poses a significant risk to patient data confidentiality. Medical imaging data is highly sensitive and protected under regulations such as GDPR, which mandates strict controls on personal health information. The interception of credentials could allow attackers to gain unauthorized access to the DICOM viewer, potentially exposing patient images and related metadata. This could lead to privacy violations, regulatory penalties, and reputational damage. Furthermore, compromised credentials might be used as a foothold for lateral movement within healthcare networks, increasing the risk of broader data breaches or ransomware attacks. Given the critical nature of healthcare services, any disruption or data compromise could also indirectly affect patient care. The medium CVSS score reflects the requirement for network adjacency and high attack complexity, which somewhat limits the attack surface but does not eliminate the risk, especially in environments with insufficient network segmentation or unencrypted internal traffic.
Mitigation Recommendations
To mitigate this vulnerability effectively, European healthcare organizations should immediately assess their deployment of MedDream WEB DICOM Viewer and verify if they are running the affected version (bundled with MedDream PACS Premium 7.3.3.840). Since no official patch is currently available, organizations should implement compensating controls:
1) Enforce network segmentation and isolate the DICOM viewer servers from general user networks to reduce the risk of network-adjacent attackers intercepting traffic.
2) Deploy network-level encryption such as VPNs or IPsec tunnels to protect internal traffic between clients and the DICOM viewer, ensuring credentials are not transmitted in cleartext.
3) Use network monitoring tools to detect unusual traffic patterns or potential credential interception attempts.
4) Implement strict access controls and multi-factor authentication (MFA) on systems that integrate with the DICOM viewer to limit the impact of compromised credentials.
5) Educate staff about the risks and encourage reporting of suspicious network activity.
6) Monitor vendor communications closely for patches or updates addressing this vulnerability and plan for prompt application once available.
7) Consider temporary use of alternative secure DICOM viewers if feasible until the vulnerability is remediated.
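Item 3 of the recommendations asks for network monitoring, and the most direct check for this class of weakness (CWE-522, cleartext credentials) is to look in your own traffic for credential submissions that were not TLS-protected. The detector below is an added example, not code from the advisory or from the MedDream product; the traffic records, hostnames, paths and field names are constructed for illustration, and the record layout (client, server, port, TLS flag, raw request) is an assumed shape that a capture or proxy export could be mapped onto. It reports only which credential fields were present, never their values, so the detector's output does not become a second copy of the secret.

```python
"""Flag credential submissions that crossed the network without TLS.

Added example (not code from the advisory or from the MedDream product):
a small detector of the kind item 3 of the mitigations calls for, run over
constructed traffic records.  Hostnames, paths, field names and the sample
requests below are made up for illustration.
"""
import json
from urllib.parse import parse_qs

# Form/JSON field names that usually carry a secret (assumed list, extend as needed).
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass", "secret", "token", "api_key", "apikey"}


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def credential_fields(headers: dict, body: bytes) -> list:
    """Names of credential-bearing headers or fields present (values are ignored)."""
    found = set()
    if headers.get("authorization", "").lower().startswith("basic "):
        found.add("Authorization: Basic")
    ctype = headers.get("content-type", "").lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        found.update(f for f in fields if f.lower() in CREDENTIAL_FIELDS)
    elif ctype.startswith("application/json"):
        try:
            obj = json.loads(body.decode("utf-8"))
        except ValueError:
            obj = None
        if isinstance(obj, dict):
            found.update(k for k in obj if k.lower() in CREDENTIAL_FIELDS)
    return sorted(found)


def find_cleartext_credentials(records) -> list:
    """records: iterable of (client_ip, server_ip, dst_port, tls, raw_request).

    Returns one finding per request that carries credentials over a connection
    that was not TLS-protected.  Only field names are reported, not values.
    """
    findings = []
    for client, server, port, tls, raw in records:
        method, path, headers, body = parse_http_request(raw)
        fields = credential_fields(headers, body)
        if fields and not tls:
            findings.append({
                "client": client,
                "server": headers.get("host", server),
                "port": port,
                "method": method,
                "path": path,
                "fields": fields,
            })
    return findings


# Constructed sample traffic (not real captures).
SAMPLE_RECORDS = [
    # 1: login form posted over plain HTTP -> flagged
    ("10.0.5.23", "10.0.5.10", 80, False,
     b"POST /login HTTP/1.1\r\nHost: viewer.example.internal\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 37\r\n\r\n"
     b"username=radiologist&password=hunter2"),
    # 2: HTTP Basic credentials over plain HTTP -> flagged
    ("10.0.5.24", "10.0.5.10", 80, False,
     b"GET /api/studies HTTP/1.1\r\nHost: viewer.example.internal\r\n"
     b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n"),
    # 3: the same login over TLS -> not flagged
    ("10.0.5.23", "10.0.5.10", 443, True,
     b"POST /login HTTP/1.1\r\nHost: viewer.example.internal\r\n"
     b"Content-Type: application/json\r\nContent-Length: 50\r\n\r\n"
     b'{"username": "radiologist", "password": "hunter2"}'),
    # 4: ordinary plaintext request without credentials -> not flagged
    ("10.0.5.25", "10.0.5.10", 80, False,
     b"GET /index.html HTTP/1.1\r\nHost: viewer.example.internal\r\n\r\n"),
]


if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_RECORDS):
        print(f"{f['client']} -> {f['server']}:{f['port']} {f['method']} {f['path']} "
              f"sends {', '.join(f['fields'])} in cleartext")
```

A hit from a client to the viewer's Web Portal is the signal that the compensating controls in items 1 and 2 are not yet in place on that path; once traffic is tunnelled through IPsec or a VPN, the monitoring point inside the tunnel should see the TLS flag (or no readable request at all) and the finding should disappear.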
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-04-09T20:35:44.810Z
- CISA Enriched: false
- CVSS Version: 3.0
- State: PUBLISHED
Added to database: 5/22/2025, 1:07:43 AM
Last enriched: 7/7/2025, 10:43:38 AM
Last updated: 8/11/2025, 9:42:06 AM