← volver
CVE-2025-15581

CVE-2025-15581

CVSS 4.7 MEDIUMEPSS 0.4%CWE-287
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 feb 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
orthanc-server · orthanc