← volver
CVE-2025-15581

CVE-2025-15581

CVSS 4.7 MEDIUMEPSS 0.4%CWE-287
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
orthanc-server · orthanc

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326https://lists.debian.org/debian-lts-announce/2026/02/msg00033.htmlhttps://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation