CVE-2025-15581

Vulnerability Description

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation.

Successful exploitation could result in allow Privilege Escalation, potentially allowing full administrative access.

Vulnerability Details

Published Date

February 18, 2026

Last Modified

February 19, 2026

CWE ID

CWE-287

Source

NVD

Vendor

orthanc-server

Product

orthanc

External References

https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326
https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252
https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation

CVE-2025-15581

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment