Critical Vulnerability in RadiAnt DICOM Viewer: CISA Advisory Insights

A recent cybersecurity advisory from CISA has unveiled a vulnerability in Medixant’s RadiAnt DICOM Viewer—an essential imaging tool for healthcare and public health professionals. This advisory, issued on February 20, 2025, highlights an issue in the software’s update mechanism that could potentially expose users to a man-in-the-middle (MITM) attack. In this article, we break down the key points, explain the technical details, and offer clear guidance on how to mitigate risks if you’re using this critical application.

---

Overview of the Vulnerability​

What’s the Issue?
The vulnerability stems from an improper certificate validation (CWE-295) within the update mechanism of RadiAnt DICOM Viewer (version 2024.02). Because the software fails to validate the update server’s certificate, attackers with local network access could intercept and modify update traffic, resulting in malicious code being installed on the system.
Key Points:

• Vendor: Medixant
• Product Affected: RadiAnt DICOM Viewer, Version 2024.02
• Vulnerability: Improper certificate validation in the update process
• Impact: Potential MITM attacks that could deliver malicious updates
• CVSS v4 Score: 5.7 (indicating moderate severity with low attack complexity)
• CVE Identifier: https://www.cve.org/CVERecord?id=CVE-2025-1001

For Windows users and IT professionals alike, understanding this vulnerability is critical—not just for securing medical imaging data but also as a reminder about the importance of safe software update practices.

---

Risk Evaluation and Technical Insights​

What Does “Improper Certificate Validation” Mean?​

Certificate validation is a safeguard that verifies the legitimacy of a server during a secure connection. When validation fails or is skipped, an attacker can interpose themselves between the client and the update server, modify outgoing and incoming data, and ultimately deploy malicious updates. Here’s a more technical look:

• Improper Validation:
  The RadiAnt DICOM Viewer’s update mechanism does not sufficiently verify the update server’s digital certificate.
• Attack Scenario:
  An attacker with network access could manipulate update responses, potentially leading to the installation of compromised versions of the software.

CVSS Breakdown​

• Base Score: 5.7 out of 10
• Vector (CVSS v3.1): AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
• Vector (CVSS v4): AV:A/AC:L/AT/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

The vector details illustrate that the attack requires local or adjacent network access (AV:A) and that the complexity is low (AC:L). While the confidentiality impact is negligible, the integrity impact is significant—emphasizing potential dangers if update files are tampered with.

---

Mitigation Steps: What Users and Organizations Should Do​

Primary Recommendation: Update Immediately​

Medixant now recommends that users upgrade to version 2025.1 or later of the RadiAnt DICOM Viewer. This version addresses the certificate validation flaw and restores the integrity of the update process.

• Download the Latest Version:
  Ensure that you acquire version 2025.1 (or later) from the official https://www.radiantviewer.com. Always verify the package with reliable antivirus software before installation.

Workaround Measures if an Immediate Update Isn’t Feasible​

If circumstances prevent an immediate update, Medixant advises using the following temporary workarounds:

• Disable Automatic Update Notifications:
  Prevent the application from checking for updates automatically by executing the following registry command:
  

  batch
  
    reg add "HKCU\Software\RadiAnt Viewer" /t REG_DWORD /v CheckUpdate /d 0 /f

• Avoid Manual Update Checks:
  Do not initiate update checks from the toolbar menu. Instead, always download updates directly from your web browser.
• Verify Installation Packages:
  Before installing, check the downloaded RadiAnt DICOM Viewer package with your antivirus software to guard against tampered files.

Additional Defensive Measures​

In addition to updating the software, cybersecurity experts from CISA recommend the following best practices:

• Minimize Network Exposure:
  Ensure control system devices and critical medical imaging systems are not directly accessible from the internet.
• Network Segmentation:
  Place medical and control systems behind robust firewalls, separate from standard business networks.
• Secure Remote Access:
  When remote access is necessary, use secure methods such as Virtual Private Networks (VPNs) and keep these clients up to date.
• Social Engineering Awareness:
  Educate users to avoid clicking on unsolicited email attachments or links that could lead to additional risks.

Taking these steps helps to build a defense-in-depth strategy, ensuring that even if one layer is compromised, additional safeguards remain in place.

---

Broader Implications and Industry Context​

The Importance of Update Security in Critical Environments​

The RadiAnt DICOM Viewer vulnerability is not just a software flaw—it’s a reminder that the update mechanisms for critical healthcare applications must be robustly protected. When working in sectors such as healthcare, where diagnostic images and patient data are handled daily, ensuring the integrity of every update is non-negotiable.

Historical Context: Learning from Past Incidents​

This isn’t the first time vulnerabilities in update frameworks have posed significant risks. Past advisories have highlighted similar flaws in other applications and industrial control systems. As we’ve seen with various advisories, such as those related to update synchronization issues in other Microsoft services, a lack of robust certificate validation can often be the weak link in securing critical software.
For more insights on managing update risks, you might recall our earlier discussion on update management challenges—https://windowsforum.com/threads/352826.

Balancing Operational Efficiency and Security​

Striking the right balance between smooth operational continuity in healthcare environments and robust cybersecurity can be challenging. Hospitals and medical facilities must ensure that their imaging software is both up to date and secure, especially given the rising trend of cyberattacks targeting critical infrastructures.
Employing strategies like regular vulnerability assessments and proper network segmentation can mitigate these risks without significantly disrupting the workflow.

---

Step-by-Step Guide: Updating RadiAnt DICOM Viewer Safely​

Step 1: Visit the official RadiAnt website using your web browser instead of relying on in-app update prompts.
Step 2: Download the latest version (v2025.1 or later).
Step 3: Before running the installer, scan the downloaded file with updated antivirus software.
Step 4: Execute the update, following the on-screen instructions carefully.
Step 5: If you cannot update immediately, disable automatic and manual update checks as a temporary measure using the provided registry command.
Following these steps not only secures your systems but also minimizes the risk of a potential MITM attack exploiting this vulnerability.

---

Final Thoughts​

The CISA advisory regarding Medixant’s RadiAnt DICOM Viewer serves as a stark reminder of the necessity for secure update practices. Whether you’re working in healthcare or another critical industry, ensuring that every component—from the operating system to third-party applications—is protected against vulnerabilities is paramount.
By staying informed, implementing the recommended measures, and adopting industry best practices, you can significantly reduce your exposure to cyber threats. As always, we encourage our Windows users and IT professionals to review their security configurations regularly and to keep systems updated.
Stay safe, and don’t delay—secure your systems with the latest updates today!

---

Source: CISA https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-051-01