← back
CVE-2025-15581

CVE-2025-15581

CVSS 4.7 MEDIUMEPSS 0.4%CWE-287
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
orthanc-server · orthanc

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326https://lists.debian.org/debian-lts-announce/2026/02/msg00033.htmlhttps://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation