CVE-2025-3480 in Web DICOM Viewer

Summary

by MITRE • 05/22/2025

MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.


Analysis

by VulDB Data Team • 08/15/2025

The CVE-2025-3480 vulnerability represents a critical security flaw in the MedDream WEB DICOM Viewer web portal component that exposes sensitive authentication credentials through cleartext transmission over network channels. This vulnerability specifically affects installations where the web portal component handles user authentication and credential management without implementing proper encryption mechanisms for data in transit. The flaw exists at the application layer, where authentication credentials are transmitted without any form of transport layer security or application-level encryption, making them susceptible to interception by malicious actors positioned on an adjacent network segment.

This vulnerability constitutes a direct violation of fundamental security principles outlined in the CWE (Common Weakness Enumeration) catalog under CWE-312, which specifically addresses the exposure of sensitive information through cleartext transmission. The vulnerability's impact is amplified by the fact that no authentication is required for exploitation, meaning that any attacker on an adjacent network segment can potentially intercept and decode transmitted credentials without requiring prior access or authorization. The web portal component of MedDream WEB DICOM Viewer fails to implement secure communication protocols such as TLS/SSL for credential transmission, creating an attack surface that aligns with ATT&CK technique T1071.004 for application layer protocol usage and T1566 for credential access through network-based attacks.

The operational impact of this vulnerability extends beyond simple credential disclosure, as compromised authentication information can lead to unauthorized access to medical imaging systems and patient data repositories. Attackers can leverage this vulnerability to gain persistent access to DICOM viewer systems, potentially enabling them to manipulate medical images, access protected health information, or establish backdoor access points within healthcare network environments. The vulnerability particularly affects healthcare organizations and medical facilities that rely on DICOM viewers for diagnostic imaging workflows, where the exposure of authentication credentials could result in significant compliance violations under HIPAA regulations and other healthcare data protection standards.

Organizations should implement immediate mitigations including mandatory enforcement of TLS encryption for all web portal communications, deployment of network segmentation to limit adjacency access, and implementation of network monitoring solutions to detect credential interception attempts. The recommended remediation strategy involves upgrading to patched versions of MedDream WEB DICOM Viewer that enforce encrypted transmission of all authentication credentials, while also implementing zero-trust network access controls that validate all network traffic regardless of source location. Security teams should conduct comprehensive vulnerability assessments to identify all instances of the affected software and ensure proper encryption protocols are enforced across all network communications involving sensitive authentication data, aligning with NIST SP 800-53 security controls for secure communication and access control mechanisms.
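As an added example of the network monitoring suggested above (this is not VulDB's or MedDream's code), the following scanner walks a constructed, simplified HTTP request log and flags any credential submission that was not protected by TLS, which is exactly the CWE-312 condition this advisory describes. The login paths, form-field names and the log record layout are assumptions; the advisory names none of them.

```python
"""Flag credential submissions that crossed the network in cleartext (CWE-312)."""
import json
from dataclasses import dataclass

# Assumed login endpoints and secret form fields (placeholders, not from the advisory).
LOGIN_PATHS = ("/login", "/api/login", "/auth")
SECRET_FIELDS = ("password", "passwd", "pwd", "token")


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    reason: str


def credential_exposure(rec):
    """Return why a request record exposes credentials in cleartext, or None."""
    if rec.get("tls"):
        return None  # encrypted in transit: not a cleartext-transmission case
    headers = {h.lower() for h in rec.get("headers", [])}
    if "authorization" in headers:
        return "Authorization header sent over plain HTTP"
    is_login = rec.get("method") == "POST" and rec.get("uri", "").lower().startswith(LOGIN_PATHS)
    if is_login and any(f in rec.get("form_fields", []) for f in SECRET_FIELDS):
        return "login form with secret field sent over plain HTTP"
    return None


def scan(log_text):
    """Parse one JSON record per line and collect cleartext-credential findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        reason = credential_exposure(rec)
        if reason:
            findings.append(Finding(rec["ts"], rec["src"], rec["dst"], reason))
    return findings


# Constructed sample log (not real traffic): one request per line; only the second
# and fourth records should be flagged.
SAMPLE_LOG = """
{"ts":"2025-05-22T10:00:01Z","src":"10.0.5.21","dst":"10.0.5.9:443","tls":true,"method":"POST","uri":"/login","form_fields":["username","password"],"headers":["Content-Type"]}
{"ts":"2025-05-22T10:00:07Z","src":"10.0.5.33","dst":"10.0.5.9:80","tls":false,"method":"POST","uri":"/login","form_fields":["username","password"],"headers":["Content-Type"]}
{"ts":"2025-05-22T10:00:09Z","src":"10.0.5.33","dst":"10.0.5.9:80","tls":false,"method":"GET","uri":"/static/logo.png","form_fields":[],"headers":["Accept"]}
{"ts":"2025-05-22T10:00:15Z","src":"10.0.5.40","dst":"10.0.5.9:80","tls":false,"method":"GET","uri":"/api/studies","form_fields":[],"headers":["Authorization","Accept"]}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}: {f.reason}")
```

A hit from a production viewer's address is the signal that the portal is still accepting logins over HTTP and that the TLS enforcement described above has not taken effect.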

Reservation

04/09/2025

Disclosure

05/22/2025

Moderation

accepted

CPE

ready

EPSS

0.00136

KEV

no

Activities

very low

Sources
