Auth bypass in Orthanc-server Orthanc
CVE-2025-15581
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administra…
Vulnerability class: Broken Authentication
EPSS: 0.004 (32.6th percentile) — read the EPSS interpretation.
Affected products
- Orthanc-server Orthanc — versions 0