CVE-2025-15581
📋 TL;DR
Orthanc versions before 1.12.10 have an authorization logic flaw in HTTP Basic Authentication that allows privilege escalation. Attackers can exploit this to gain administrative access to the DICOM server. All Orthanc deployments using HTTP Basic Authentication with versions below 1.12.10 are affected.
💻 Affected Systems
- Orthanc
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full administrative access to the Orthanc DICOM server, allowing complete control over medical imaging data and server configuration, and potentially access to connected systems.
Likely Case
Unauthorized users gaining elevated privileges to access, modify, or delete medical imaging studies and patient data.
If Mitigated
Limited impact if proper network segmentation and authentication controls are in place, but still represents a significant authorization bypass.
🎯 Exploit Status
Exploitation requires valid user credentials but allows privilege escalation from any authenticated user to administrator.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.12.10
Vendor Advisory: https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326
Restart Required: Yes
Instructions:
1. Back up the current Orthanc configuration and data.
2. Download Orthanc 1.12.10 from the official repository.
3. Stop the Orthanc service.
4. Install/upgrade to version 1.12.10.
5. Restart the Orthanc service.
6. Verify the version and functionality.
🔧 Temporary Workarounds
Disable HTTP Basic Authentication
Temporarily disable HTTP Basic Authentication and protect the server with an alternative authentication method instead.
Edit the Orthanc configuration file and set "AuthenticationEnabled" to false, or remove the BasicAuth configuration.
Network Access Control
Restrict network access to Orthanc to trusted IPs only (Linux):
iptables -A INPUT -p tcp --dport 8042 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 8042 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Orthanc from untrusted networks
- Enable comprehensive logging and monitoring for authentication and authorization events
🔍 How to Verify
Check if Vulnerable:
Check the Orthanc version via the web interface at /system, or run: orthanc --version
Check Version:
orthanc --version
Verify Fix Applied:
Verify that the version is 1.12.10 or higher, and confirm that non-admin users cannot access admin endpoints.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access to admin endpoints
- Multiple failed authentication attempts followed by successful admin access from non-admin user
Network Indicators:
- HTTP requests to /system, /tools, or other admin endpoints from non-admin users
- Unusual authentication patterns
SIEM Query:
source="orthanc" AND (uri_path="/system" OR uri_path="/tools") AND user!="admin" AND response_code=200
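Added example (not from this advisory or from the Orthanc project): a Python pass over constructed access-log lines that implements the SIEM query above and the "failed attempts followed by admin access" indicator. The key=value log layout, the user names and the set of admin users are assumptions made for the example; Orthanc's own HTTP log format differs.

```python
import re
from collections import defaultdict

# Constructed sample log in an assumed key=value layout (not Orthanc's real format).
SAMPLE_LOG = """\
2025-11-02T10:00:01Z user=admin method=GET path=/system status=200
2025-11-02T10:00:05Z user=radiologist method=GET path=/patients status=200
2025-11-02T10:00:09Z user=radiologist method=GET path=/system status=401
2025-11-02T10:00:10Z user=radiologist method=GET path=/system status=401
2025-11-02T10:00:12Z user=radiologist method=GET path=/system status=200
2025-11-02T10:00:20Z user=tech method=POST path=/tools/reset status=200
2025-11-02T10:00:25Z user=tech method=GET path=/tools/lookup status=403
"""

ADMIN_PREFIXES = ("/system", "/tools")   # admin endpoints named on the page
ADMIN_USERS = {"admin"}                  # assumed set of legitimate admin accounts
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>\S+) "
                     r"path=(?P<path>\S+) status=(?P<status>\d{3})$")

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            event = m.groupdict()
            event["status"] = int(event["status"])
            yield event

def is_admin_endpoint(path):
    # Prefix match on path segments: /tools/reset counts, /systematic does not.
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PREFIXES)

def admin_access_by_non_admin(events):
    """Equivalent of the SIEM query: HTTP 200 on an admin endpoint by a non-admin user."""
    return [e for e in events
            if is_admin_endpoint(e["path"])
            and e["user"] not in ADMIN_USERS and e["status"] == 200]

def failures_then_success(events, min_failures=2):
    """Per user: >= min_failures 401/403s on admin endpoints, then a 200 there."""
    streak, hits = defaultdict(int), []
    for e in events:
        if not is_admin_endpoint(e["path"]):
            continue
        if e["status"] in (401, 403):
            streak[e["user"]] += 1
        else:
            if e["status"] == 200 and streak[e["user"]] >= min_failures \
                    and e["user"] not in ADMIN_USERS:
                hits.append(e)
            streak[e["user"]] = 0   # any non-failure ends the streak
    return hits
```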