CVE-2025-11671

5.3 MEDIUM

📋 TL;DR

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability (CWE-306) that allows unauthenticated remote attackers to access a specific page and obtain sensitive information including account names and IP addresses. This affects organizations using vulnerable versions of Uniweb/SoliPACS WebServer for medical imaging and PACS systems.

💻 Affected Systems

Products:
  • Uniweb/SoliPACS WebServer
Versions: Specific versions not detailed in references; all versions prior to patch are likely affected
Operating Systems: Windows (presumed based on typical medical imaging deployments)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations; vulnerability exists in a specific page that should require authentication but doesn't.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could enumerate all system accounts and network information, enabling credential attacks, lateral movement, or reconnaissance for further exploitation.

🟠 Likely Case

Unauthenticated attackers can harvest account names and IP addresses, facilitating targeted phishing, brute force attacks, or system mapping.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure without direct system compromise.

🌐 Internet-Facing: HIGH - Unauthenticated remote attackers can directly exploit this vulnerability without any credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this for reconnaissance and lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP requests to the vulnerable endpoint; no special tools or techniques needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references; contact vendor for patched version

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10420-d1a4f-2.html

Restart Required: No

Instructions:

  1. Contact EBM Technologies for the security patch.
  2. Apply the patch according to vendor instructions.
  3. Verify that authentication is now required for the previously vulnerable page.

🔧 Temporary Workarounds

Network Access Control (applies to: all)

Restrict network access to Uniweb/SoliPACS WebServer to only trusted IP addresses and networks.

Implementation: firewall rules to limit access to specific IP ranges

Web Application Firewall (applies to: all)

Deploy WAF rules to block unauthenticated access to the vulnerable endpoint.

Implementation: WAF configuration to require authentication for sensitive endpoints

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system from untrusted networks
  • Deploy additional authentication layer (reverse proxy with authentication) in front of the vulnerable server

🔍 How to Verify

Check if Vulnerable:

Attempt to access the vulnerable endpoint without authentication; if information is returned, the system is vulnerable.

Check Version:

Check Uniweb/SoliPACS WebServer version through admin interface or contact vendor

Verify Fix Applied:

After patching, attempt to access the same endpoint without authentication; you should receive an authentication prompt or an access-denied response.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to sensitive endpoints
  • Multiple failed authentication attempts following information disclosure

Network Indicators:

  • Unusual HTTP requests to specific endpoints from external IPs
  • Information gathering patterns

SIEM Query:

source_ip NOT IN trusted_networks AND http_request LIKE '%vulnerable_endpoint%' AND auth_status='none'
