CVE-2025-58741: CWE-522 Insufficiently Protected Credentials in Milner ImageDirector Capture
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.
AI Analysis
Technical Summary
CVE-2025-58741 is a vulnerability classified under CWE-522 (Insufficiently Protected Credentials) affecting Milner ImageDirector Capture versions from 7.0.9 through 7.6.3.25808. The vulnerability arises from inadequate protection of credential fields within the software, allowing an attacker with low privileges and local access to retrieve sensitive credential material. This credential exposure can lead to unauthorized access to the underlying database, potentially compromising sensitive imaging data and related system functions. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H) indicates that the attack requires local access with low privileges (PR:L) and no user interaction (UI:N). On the vulnerable system the vector rates the impact as high for confidentiality and availability (VC:H, VA:H) and low for integrity (VI:L). The subsequent-system metrics (SC:H/SI:H/SA:H) are all high, meaning the vulnerability affects components beyond the initially compromised system, which is consistent with the exposed credentials giving access to the database. Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the sensitive nature of the data handled by ImageDirector Capture, which is commonly used in medical imaging workflows. The lack of available patches at the time of reporting necessitates immediate interim mitigations to prevent exploitation. The vulnerability was reserved in September 2025 and published in January 2026, indicating recent discovery and disclosure.
Potential Impact
For European organizations, especially those in healthcare and medical imaging sectors, this vulnerability could lead to unauthorized access to patient imaging data and related databases, resulting in confidentiality breaches and potential regulatory non-compliance (e.g., GDPR). The integrity of imaging data could be compromised, affecting diagnostic accuracy and patient care. Availability impacts could arise if attackers manipulate or disrupt database access, causing operational downtime. Given the local access requirement, insider threats or attackers who gain initial footholds on affected systems pose the greatest risk. The exposure of credentials could also facilitate lateral movement within networks, escalating the impact beyond the initially compromised system. The high severity and broad scope of impact make this vulnerability particularly concerning for organizations relying on Milner ImageDirector Capture in critical workflows.
Mitigation Recommendations
Organizations should immediately restrict local access to systems running affected versions of ImageDirector Capture to trusted personnel only, employing strict access control and monitoring. Implement robust credential management policies, including regular rotation and encryption of stored credentials. Network segmentation should isolate imaging systems from broader enterprise networks to limit lateral movement. Deploy host-based intrusion detection systems to identify suspicious local access or credential extraction attempts. Monitor logs for unusual database access patterns. Coordinate with Milner for timely patch deployment once available, and test patches in controlled environments before production rollout. Consider temporary compensating controls such as disabling unnecessary services or features that expose credential fields. Conduct security awareness training for staff to recognize insider threat indicators and enforce least privilege principles.
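Applying these mitigations starts with knowing which hosts run a build inside the affected range (7.0.9 through 7.6.3.25808). The following is an added example, not vendor or advisory code: it triages an asset inventory against that range, with constructed hostnames and versions, and it assumes that a version reported without a build number (such as `7.6.3`) is padded with zeros before comparison.

```python
# Added example: triage an asset inventory against the affected range
# stated in the advisory (7.0.9 through 7.6.3.25808, inclusive).
import re

FIRST_AFFECTED = "7.0.9"
LAST_AFFECTED = "7.6.3.25808"

def parse_version(text, width=4):
    """Turn '7.6.3.25808' into (7, 6, 3, 25808); pad short versions with zeros.

    Returns None for anything that is not 1-4 dot-separated integers.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def classify(version_text):
    """Return 'affected', 'not_affected' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable: needs manual review, never assume safe
    lo, hi = parse_version(FIRST_AFFECTED), parse_version(LAST_AFFECTED)
    # Tuple comparison is numeric per component, so 7.10 sorts after 7.6.
    return "affected" if lo <= v <= hi else "not_affected"

def triage(inventory):
    """Group hostnames by classification, preserving inventory order."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("scan-ws-01", "7.0.8"),         # just below the range
    ("scan-ws-02", "7.0.9"),         # first affected version
    ("scan-ws-03", "7.6.3"),         # no build number: padded to 7.6.3.0
    ("scan-ws-04", "7.6.3.25808"),   # last affected build
    ("scan-ws-05", "7.6.3.25809"),   # one build past the range
    ("scan-ws-06", "7.10.0.1"),      # a string compare would misplace this
    ("scan-ws-07", "7.6.x-beta"),    # malformed entry
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group should be checked by hand rather than treated as unaffected.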
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: SRA
- Date Reserved: 2025-09-04T15:27:48.361Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 696ff8c24623b1157c513d03
Added to database: 1/20/2026, 9:50:58 PM
Last enriched: 1/20/2026, 10:05:41 PM
Last updated: 2/7/2026, 2:11:45 PM