PT-2026-20548 · Owi Ingenie · Orthanc

Published: 2025-01-01 · Updated: 2026-02-28 · CVE-2025-15581

CVSS v4.0: 5.7 (Medium)

Vector: AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Orthanc versions prior to 1.12.10

Description: An authorisation logic flaw exists in the HTTP Basic Authentication implementation of Orthanc. Successful exploitation could lead to privilege escalation, potentially granting full administrative access.

Recommendations: Update to version 1.12.10 or later.

Fix

LPE

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2025-15581

Affected Products

Orthanc