CVE-2025-15581

Sažetak

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

Reference

https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326
https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252
https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

19-02-2026 - 00:16

Objavljeno

18-02-2026 - 23:16