CVE-2025-27720 - Vulnerability Details

The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation none

Automatable no

Technical Impact total

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-14074	The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.

Fixes

Solution

Pixmeo recommends users to download the latest version of OsiriX MD https://www.osirix-viewer.com/osirix/osirix-md/ . For additional support regarding OsiriX MD, users should contact Pixmeo https://www.osirix-viewer.com/about/contact/ directly.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01
https://www.osirix-viewer.com/about/contact/
https://www.osirix-viewer.com/osirix/osirix-md/

History

Fri, 09 May 2025 04:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 08 May 2025 23:00:00 +0000

Type	Values Removed	Values Added
Description		The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
Title		Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information
Weaknesses		CWE-319
References		https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-128-01 https://www.osirix-viewer.com/about/contact/ https://www.osirix-viewer.com/osirix/osirix-md/
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-05-08T22:43:28.046Z

Updated: 2025-05-09T04:03:25.385Z

Reserved: 2025-04-03T20:57:04.866Z

Link: CVE-2025-27720

Vulnrichment

Updated: 2025-05-09T04:03:20.981Z

NVD

Status : Awaiting Analysis

Published: 2025-05-08T23:15:51.993

Modified: 2025-05-12T17:32:52.810

Link: CVE-2025-27720

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object