Auth bypass in Orthanc-server Orthanc

CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administra…

Vulnerability class: Broken Authentication

EPSS: 0.004 (32.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References