Vulnerability Description
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in privilege escalation, potentially allowing full administrative access.
References
- https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326
- https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252
- https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation
- https://lists.debian.org/debian-lts-announce/2026/02/msg00033.html
FAQ
What is CVE-2025-15581?
CVE-2025-15581 is a documented vulnerability. Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalatio...
How severe is CVE-2025-15581?
CVSS scoring is not yet available for CVE-2025-15581. Check NVD for updates.
Is there a patch for CVE-2025-15581?
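The description lists Orthanc versions before 1.12.10 as affected. Check the references section above, which links the Orthanc 1.12.10 release announcement, the Orthanc bug tracker entry and a Debian LTS announcement, for vendor advisories and patch information.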