CVE-2025-15581
EPSS 0.04%
orthanc - security update
Published: 2/18/2026
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2025-15581
Description
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
Affected packages (2)
- Debian/orthanc from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u2
- Debian/orthanc from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |