← voltar
CVE-2025-15581

CVE-2025-15581

CVSS 4.7 MEDIUMEPSS 0.4%CWE-287
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
orthanc-server · orthanc

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326https://lists.debian.org/debian-lts-announce/2026/02/msg00033.htmlhttps://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation