CVE-2025-27720
📋 TL;DR
The Pixmeo Osirix MD Web Portal transmits user credentials in cleartext without encryption, allowing attackers to intercept and steal login information. This affects all users and administrators of Osirix MD Web Portal installations that handle medical imaging data.
💻 Affected Systems
- Pixmeo Osirix MD Web Portal
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to medical imaging systems, potentially compromising patient data, altering medical records, or disrupting healthcare operations.
Likely Case
Attackers steal valid credentials to access sensitive medical imaging data and patient information stored in the system.
If Mitigated
With proper network segmentation and monitoring, impact is limited to credential theft from specific network segments.
🎯 Exploit Status
Exploitation requires network access to intercept traffic; no authentication bypass needed once credentials are captured.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://www.osirix-viewer.com/osirix/osirix-md/
Restart Required: Yes
Instructions:
1. Check vendor advisory for latest patched version
2. Backup current configuration and data
3. Apply vendor-provided patch or update
4. Restart Osirix MD Web Portal service
5. Verify encryption is enabled for all credential transmissions
🔧 Temporary Workarounds
Enable HTTPS/TLS Enforcement
Force all web portal traffic to use encrypted HTTPS connections only
- Configure web server to redirect HTTP to HTTPS
- Disable HTTP access entirely
Network Segmentation
Isolate Osirix MD Web Portal to separate VLAN with strict access controls
- Configure firewall rules to restrict access to web portal
- Implement network segmentation between web portal and other systems
🧯 If You Can't Patch
- Implement VPN or encrypted tunnel for all remote access to the web portal
- Deploy network monitoring and intrusion detection to alert on cleartext credential transmissions
🔍 How to Verify
Check if Vulnerable:
Use network monitoring tools to capture traffic during login and check if credentials are transmitted in cleartext
Check Version:
Check web portal interface or configuration files for version information
Verify Fix Applied:
Verify all login traffic uses HTTPS/TLS encryption and no credentials appear in cleartext
📡 Detection & Monitoring
Log Indicators:
- Failed login attempts from unexpected locations
- Multiple login attempts in short timeframes
Network Indicators:
- Cleartext HTTP POST requests containing username/password fields
- Unencrypted authentication traffic to web portal
SIEM Query:
source="web_server" AND (http_method="POST" AND uri CONTAINS "login" AND NOT protocol="HTTPS")
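One way to implement the network indicator listed above (cleartext HTTP POST requests containing username/password fields) on a sensor that sees reassembled plaintext payloads. This is an added example, not code from the vendor or the original page; the credential field names, the host `portal.example` and the sample payloads are constructed assumptions.

```python
from urllib.parse import parse_qs

# Assumed field names; the page does not list the portal's actual form fields.
CREDENTIAL_FIELDS = {"username", "user", "login", "password", "passwd", "pwd"}


def cleartext_credential_fields(payload: bytes) -> list[str]:
    """Return credential-like field names seen in an unencrypted HTTP POST body.

    `payload` is one reassembled request captured on a plaintext port.
    Only field names are returned, so alerts never carry the secret values.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return []  # incomplete request or not HTTP at all (e.g. a TLS record)
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0].upper() != "POST" or not parts[2].startswith("HTTP/"):
        return []
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").lower()
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return sorted(n for n in fields if n.lower() in CREDENTIAL_FIELDS)


# Constructed sample payloads (not real traffic).
FORM = b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
SAMPLES = {
    "plain_login": b"POST /login HTTP/1.1\r\nHost: portal.example\r\n" + FORM
                   + b"username=alice&password=not-a-real-pw",
    "plain_search": b"POST /search HTTP/1.1\r\nHost: portal.example\r\n" + FORM
                    + b"q=chest+ct",
    "tls_record": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32),
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        hits = cleartext_credential_fields(payload)
        print(label, "ALERT " + ",".join(hits) if hits else "ok")
```

A TLS-wrapped login never parses as an HTTP request line here, so after HTTPS enforcement the same sensor should stop producing alerts for the portal.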