
CVE-2025-3480: CWE-522: Insufficiently Protected Credentials in MedDream WEB DICOM Viewer

Severity: Medium
Tags: Vulnerability, CVE-2025-3480, CWE-522
Published: Thu May 22 2025 (05/22/2025, 00:51:28 UTC)
Source: CVE
Vendor/Project: MedDream
Product: WEB DICOM Viewer

Description

MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.

AI-Powered Analysis

Last updated: 07/07/2025, 10:43:38 UTC

Technical Analysis

CVE-2025-3480 is a vulnerability identified in the MedDream WEB DICOM Viewer, specifically in the version bundled with MedDream PACS Premium 7.3.3.840. The vulnerability is classified under CWE-522, which pertains to insufficiently protected credentials. The core issue arises from the cleartext transmission of user credentials via the Web Portal component of the application. Because the credentials are transmitted without encryption, network-adjacent attackers can intercept and disclose sensitive authentication information. Notably, exploitation does not require any authentication or user interaction, making it easier for attackers positioned on the same network segment or capable of intercepting traffic to capture credentials. The vulnerability has a CVSS 3.0 base score of 5.3, indicating a medium severity level. The vector details (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) show that the attack requires network adjacency and high attack complexity but no privileges or user interaction, with a high impact on confidentiality but no impact on integrity or availability. This vulnerability could lead to unauthorized access to sensitive medical imaging data or systems if attackers leverage the disclosed credentials. No known exploits are reported in the wild yet, and no patches have been linked at the time of publication. The vulnerability was initially reported under ZDI-CAN-25842 and publicly disclosed on May 22, 2025.

Potential Impact

For European organizations, particularly healthcare providers and medical imaging centers using MedDream WEB DICOM Viewer, this vulnerability poses a significant risk to patient data confidentiality. Medical imaging data is highly sensitive and protected under regulations such as GDPR, which mandates strict controls on personal health information. The interception of credentials could allow attackers to gain unauthorized access to the DICOM viewer, potentially exposing patient images and related metadata. This could lead to privacy violations, regulatory penalties, and reputational damage. Furthermore, compromised credentials might be used as a foothold for lateral movement within healthcare networks, increasing the risk of broader data breaches or ransomware attacks. Given the critical nature of healthcare services, any disruption or data compromise could also indirectly affect patient care. The medium CVSS score reflects the requirement for network adjacency and high attack complexity, which somewhat limits the attack surface but does not eliminate the risk, especially in environments with insufficient network segmentation or unencrypted internal traffic.

Mitigation Recommendations

To mitigate this vulnerability effectively, European healthcare organizations should immediately assess their deployment of MedDream WEB DICOM Viewer and verify if they are running the affected version (bundled with MedDream PACS Premium 7.3.3.840). Since no official patch is currently available, organizations should implement compensating controls:

1) Enforce network segmentation and isolate the DICOM viewer servers from general user networks to reduce the risk of network-adjacent attackers intercepting traffic.
2) Deploy network-level encryption such as VPNs or IPsec tunnels to protect internal traffic between clients and the DICOM viewer, ensuring credentials are not transmitted in cleartext.
3) Use network monitoring tools to detect unusual traffic patterns or potential credential interception attempts.
4) Implement strict access controls and multi-factor authentication (MFA) on systems that integrate with the DICOM viewer to limit the impact of compromised credentials.
5) Educate staff about the risks and encourage reporting of suspicious network activity.
6) Monitor vendor communications closely for patches or updates addressing this vulnerability and plan for prompt application once available.
7) Consider temporary use of alternative secure DICOM viewers if feasible until the vulnerability is remediated.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-04-09T20:35:44.810Z
CISA Enriched: false
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 682e78df0acd01a249253208

Added to database: 5/22/2025, 1:07:43 AM

Last enriched: 7/7/2025, 10:43:38 AM

Last updated: 8/11/2025, 9:42:06 AM
