CVE-2025-15581

CVSS 4.7 MEDIUM · EPSS 0.4% · CWE-287
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7 · EPSS 0.4% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
18 Feb 2026: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
orthanc-server · orthanc