Orthanc CVE-2025-15581
Lifecycle Timeline
2DescriptionCVE.org
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation.
Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
AnalysisAI
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
Technical ContextAI
Classified as CWE-287 (Improper Authentication). Affects Orthanc. Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation.
Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
Affected ProductsAI
Product: Orthanc. Versions: up to 1.12.10.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-287 – Improper Authentication
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today