
CVE-2025-58742: CWE-522 Insufficiently Protected Credentials in Milner ImageDirector Capture

Severity: High
Type: Vulnerability
Tags: CVE-2025-58742, cve, cve-2025-58742, cwe-522, cwe-923
Published: Tue Jan 20 2026 (01/20/2026, 21:36:54 UTC)
Source: CVE Database V5
Vendor/Project: Milner
Product: ImageDirector Capture

Description

Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.

AI-Powered Analysis

Last updated: 01/20/2026, 22:05:27 UTC

Technical Analysis

CVE-2025-58742 is a vulnerability categorized under CWE-522 (Insufficiently Protected Credentials) and CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints) affecting Milner ImageDirector Capture on Windows platforms, specifically versions from 7.0.9 before 7.6.3.25808. The flaw resides in the Connection Settings dialog where the 'Server' field can be manipulated by an adversary with low privileges on the client machine. By altering this field, an attacker can redirect the client’s authentication attempts to a malicious server under their control, effectively enabling an Adversary-in-the-Middle (AiTM) attack. This redirection compromises the confidentiality of authentication credentials and potentially allows session hijacking or unauthorized access. The vulnerability requires no user interaction and has a low attack complexity, but does require some level of privilege (PR:L). The CVSS 4.0 score of 8.5 reflects the high impact on confidentiality and availability, with high scope and integrity impacts as well. The vulnerability is particularly dangerous because it exploits insufficient validation and protection of communication endpoints, allowing attackers to intercept or manipulate authentication flows. No patches or exploits in the wild are currently documented, but the risk remains significant due to the nature of the credential exposure and the criticality of the affected product in medical imaging workflows.

Potential Impact

For European organizations, particularly those in healthcare and medical imaging sectors relying on Milner ImageDirector Capture, this vulnerability poses a significant risk of credential compromise and unauthorized access. The ability to redirect authentication to a malicious server can lead to data breaches involving sensitive patient information and disruption of imaging workflows. Confidentiality is severely impacted as credentials can be intercepted, and availability may be affected if attackers disrupt or manipulate authentication processes. The integrity of communications is also at risk, potentially allowing attackers to inject false data or commands. Given the critical role of imaging systems in diagnostics and treatment, exploitation could have downstream effects on patient care and regulatory compliance, including GDPR violations. The lack of user interaction required and the low complexity of exploitation increase the likelihood of successful attacks, especially in environments where endpoint security is not tightly controlled.

Mitigation Recommendations

Organizations should prioritize upgrading Milner ImageDirector Capture to versions 7.6.3.25808 or later once patches are released. Until then, restrict access to the Connection Settings dialog to trusted administrators only, preventing unauthorized modification of the 'Server' field. Implement strict network segmentation to isolate imaging devices and limit their communication to only trusted servers. Employ endpoint protection solutions that monitor and alert on unauthorized configuration changes or suspicious network redirections. Use network-level controls such as TLS inspection and certificate pinning where possible to detect and block attempts to redirect authentication traffic to untrusted endpoints. Conduct regular audits of device configurations and network traffic to identify anomalies. Additionally, educate IT staff and users about the risks of configuration tampering and enforce the principle of least privilege on affected systems.
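
One way to carry out the configuration audit recommended above, as an added example that is not code from the vendor or from this page. It assumes the 'Server' value of each workstation has already been collected into an inventory; the approved host names and the inventory rows are constructed, and how the value is read from ImageDirector Capture is not covered here.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: approved server endpoints for this site (constructed names).
APPROVED_SERVERS = {"imaging-app01.corp.example", "imaging-app02.corp.example"}

# Constructed inventory: (workstation, value found in the 'Server' field).
INVENTORY = [
    ("WS-101", "imaging-app01.corp.example"),
    ("WS-102", "IMAGING-APP02.corp.example."),
    ("WS-103", "https://imaging-app01.corp.example:8443/api"),
    ("WS-104", "10.20.30.40"),
    ("WS-105", "imaging-app01.corp.example.lookalike.example"),
    ("WS-106", ""),
]


def normalize_host(value):
    """Reduce a 'Server' field value to a comparable lowercase host name."""
    value = value.strip()
    if not value:
        return None
    # urlsplit only finds the host when a scheme or '//' is present.
    parts = urlsplit(value if "//" in value else "//" + value)
    host = parts.hostname  # lowercased, port and credentials stripped
    return host.rstrip(".") if host else None


def classify(value):
    """Return 'approved', 'ip-literal', 'empty' or 'unapproved'."""
    host = normalize_host(value)
    if host is None:
        return "empty"
    if host in APPROVED_SERVERS:  # exact match, never prefix or substring
        return "approved"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"  # sidesteps name-based allowlisting; review
    except ValueError:
        return "unapproved"


def audit(inventory):
    """List (workstation, value, verdict) for every non-approved entry."""
    return [(ws, v, classify(v)) for ws, v in inventory if classify(v) != "approved"]


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

The exact-match comparison after normalization is what keeps WS-105, whose value merely begins with an approved name, from passing the audit.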


Technical Details

Data Version: 5.2
Assigner Short Name: SRA
Date Reserved: 2025-09-04T15:27:48.361Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 696ff8c24623b1157c513d06

Added to database: 1/20/2026, 9:50:58 PM

Last enriched: 1/20/2026, 10:05:27 PM

Last updated: 2/6/2026, 5:44:54 PM
