CVE-2025-11672
📋 TL;DR
Uniweb/SoliPACS WebServer developed by EBM Technologies has a missing authentication vulnerability that allows unauthenticated remote attackers to access a specific page and obtain user group names. This affects organizations using vulnerable versions of Uniweb/SoliPACS WebServer for medical imaging management.
💻 Affected Systems
- Uniweb/SoliPACS WebServer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map organizational structure, identify privileged groups (an administrators group, for example) and the naming conventions behind them, and use this information for targeted phishing or credential stuffing against the accounts in those groups.
Likely Case
Information disclosure of user group names, potentially enabling social engineering or reconnaissance for further attacks.
If Mitigated
Limited to information disclosure without authentication bypass for sensitive data or system control.
🎯 Exploit Status
The vulnerability allows unauthenticated access to a specific page, so exploitation is a single HTTP request with no credentials once the target URL is identified. This page does not name the affected path; obtain it from the vendor advisory before testing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in references, but EBM Technologies has released updates
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10420-d1a4f-2.html
Restart Required: No
Instructions:
1. Contact EBM Technologies for the latest security update.
2. Apply the patch to all affected Uniweb/SoliPACS WebServer instances.
3. Verify authentication is properly enforced on all endpoints.
🔧 Temporary Workarounds
Network Access Control
Restrict access to Uniweb/SoliPACS WebServer to trusted networks only
Web Application Firewall Rules
Block unauthenticated access to the vulnerable endpoint
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Uniweb/SoliPACS WebServer from untrusted networks
- Deploy a reverse proxy with authentication requirements for all access to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Attempt to access the specific vulnerable page without authentication. If user group names are returned, the system is vulnerable.
Check Version:
Check the Uniweb/SoliPACS WebServer administration interface or contact EBM Technologies for version verification
Verify Fix Applied:
After patching, attempt the same unauthenticated access. The page should require authentication or return an error.
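The check described above, as an added example that is not EBM Technologies' code nor part of the original advisory. The affected page path is not published on this page, so PAGE_PATH is a placeholder you must replace; KNOWN_GROUPS is likewise an assumption (group names you already know exist in your own deployment, used to confirm the listing really came back). The same assess() function is reused after patching: a 401/403, or a redirect to the login page, means authentication is now enforced.

```python
"""Unauthenticated probe for CVE-2025-11672 (missing auth on a group-listing page).

Added example, not vendor code. PAGE_PATH and KNOWN_GROUPS are assumptions:
replace them with the page named in the vendor advisory and with group names
from your own deployment.
"""
import re
import sys
import urllib.error
import urllib.request

PAGE_PATH = "/REPLACE_WITH_VULNERABLE_PAGE"        # assumption: not named on this page
KNOWN_GROUPS = ("Administrators", "Radiologists")  # assumption: your own group names

LOGIN_MARKERS = re.compile(r"(login|sign\s*in|password)", re.I)


def assess(status, location, body, known_groups=KNOWN_GROUPS):
    """Classify one unauthenticated response as 'vulnerable', 'fixed' or 'review'."""
    if status in (401, 403):
        return "fixed"
    if status in (301, 302, 303, 307) and LOGIN_MARKERS.search(location or ""):
        return "fixed"                      # bounced to the login page
    if status == 200:
        if any(g.lower() in body.lower() for g in known_groups):
            return "vulnerable"             # group names served without a session
        if LOGIN_MARKERS.search(body):
            return "fixed"                  # a login form was rendered instead of the listing
    return "review"                         # anything else needs a human look


def probe(base_url, path=PAGE_PATH, timeout=10):
    """Fetch the page with no cookies or Authorization header and classify it."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"User-Agent": "cve-2025-11672-check"})

    # Do not follow redirects: a redirect to the login page is itself the answer.
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return assess(resp.status, resp.headers.get("Location"),
                          resp.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:       # 3xx/4xx/5xx land here
        body = e.read(65536).decode("utf-8", "replace")
        return assess(e.code, e.headers.get("Location"), body)


if __name__ == "__main__":
    # usage: python check.py https://pacs.example.internal
    print(probe(sys.argv[1]))
```

Run it once before patching (expect "vulnerable") and once after (expect "fixed"); a "review" result means the response matched neither pattern and should be inspected by hand rather than treated as safe.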
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to the vulnerable endpoint
- Multiple failed authentication attempts followed by access to user group page
Network Indicators:
- Unusual traffic patterns to the Uniweb/SoliPACS WebServer from untrusted sources
- HTTP requests to the vulnerable endpoint that carry no session cookie or authentication header yet receive a 200 response
SIEM Query:
source="uniweb_webserver_access" AND uri="<vulnerable_endpoint>" AND response_code=200 AND user="anonymous"
(Field names are placeholders for your SIEM; the conditions must be ANDed, since matching on any 200 response alone would flag every successful request.)
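The two log indicators above, implemented over access-log lines as an added example (not vendor code and not part of the original page). It assumes the web server writes Common Log Format with the remote-user field set to "-" when no authenticated user is known; GROUP_PAGE and LOGIN_PAGE are placeholders for the affected page and the login handler, and the sample log lines are constructed for the example.

```python
"""Access-log detection for CVE-2025-11672-style access.

Added example, not from the vendor. Assumptions: Common Log Format, remote-user
is '-' for anonymous requests, GROUP_PAGE is the advisory's page (placeholder),
LOGIN_PAGE is where failed logins return 401/403.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

GROUP_PAGE = "/REPLACE_WITH_VULNERABLE_PAGE"   # assumption: not named on this page
LOGIN_PAGE = "/login"                          # assumption

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')


def parse(line):
    """Parse one CLF line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    d["status"] = int(d["status"])
    d["path"] = d["path"].split("?", 1)[0]   # ignore query strings
    return d


def unauthenticated_hits(lines, page=GROUP_PAGE):
    """Indicator 1: 200 responses for the group page with no authenticated user."""
    return [(e["ip"], e["ts"]) for e in filter(None, map(parse, lines))
            if e["path"] == page and e["status"] == 200 and e["user"] == "-"]


def failed_logins_then_access(lines, page=GROUP_PAGE, login=LOGIN_PAGE,
                              min_failures=3, window=timedelta(minutes=10)):
    """Indicator 2: an IP with >= min_failures login failures inside `window`
    before it fetched the group page. Returns (ip, time, failure_count)."""
    failures = defaultdict(list)
    flagged = []
    for e in filter(None, map(parse, lines)):
        if e["path"] == login and e["method"] == "POST" and e["status"] in (401, 403):
            failures[e["ip"]].append(e["ts"])
        elif e["path"] == page and e["status"] == 200:
            recent = [t for t in failures[e["ip"]] if e["ts"] - t <= window]
            if len(recent) >= min_failures:
                flagged.append((e["ip"], e["ts"], len(recent)))
    return flagged


# Constructed sample log: one brute-force-then-access sequence, one legitimate
# authenticated user, one anonymous hit with a query string.
SAMPLE_LOG = [
    f'203.0.113.7 - - [14/Oct/2025:09:01:02 +0000] "POST {LOGIN_PAGE} HTTP/1.1" 401 312',
    f'203.0.113.7 - - [14/Oct/2025:09:01:09 +0000] "POST {LOGIN_PAGE} HTTP/1.1" 401 312',
    f'203.0.113.7 - - [14/Oct/2025:09:01:15 +0000] "POST {LOGIN_PAGE} HTTP/1.1" 401 312',
    f'203.0.113.7 - - [14/Oct/2025:09:02:40 +0000] "GET {GROUP_PAGE} HTTP/1.1" 200 1840',
    f'10.0.5.21 - rad01 [14/Oct/2025:09:05:00 +0000] "GET {GROUP_PAGE} HTTP/1.1" 200 1840',
    f'198.51.100.4 - - [14/Oct/2025:09:06:11 +0000] "GET {GROUP_PAGE}?x=1 HTTP/1.1" 200 1840',
    '198.51.100.4 - - [14/Oct/2025:09:06:30 +0000] "GET /index.html HTTP/1.1" 200 220',
]

if __name__ == "__main__":
    for ip, ts in unauthenticated_hits(SAMPLE_LOG):
        print(f"anonymous group-page fetch from {ip} at {ts}")
    for ip, ts, n in failed_logins_then_access(SAMPLE_LOG):
        print(f"{n} login failures then group-page fetch from {ip} at {ts}")
```

If the application tracks sessions with a cookie rather than HTTP authentication, the remote-user field will always be "-"; in that case extend the log format to record the session cookie (or the application's own audit log) and key indicator 1 on its absence instead.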