
Description

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

PUBLISHED | Reserved 2026-02-18 | Published 2026-02-18 | Updated 2026-02-18 | Assigner PRJBLK




MEDIUM: 4.7 | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Problem types

CWE-287 Improper Authentication

Product status

Default status
unaffected

Any version
affected

References

projectblack.io/blog/orthanc-1-12-9-user-impersonation/

discourse.orthanc-server.org/t/orthanc-1-12-10/6326

orthanc.uclouvain.be/bugs/show_bug.cgi?id=252

cve.org (CVE-2025-15581)

nvd.nist.gov (CVE-2025-15581)
