Platform: other
Component: orthanc-server
Fixed in: 1.5.8
CVE-2025-0896 affects Orthanc server versions prior to 1.5.8. This vulnerability stems from the default configuration where remote access is enabled without basic authentication. An attacker can exploit this to gain unauthorized access to the Orthanc server, potentially exposing sensitive medical imaging data. The vulnerability was published on 2025-02-13 and a fix is available in version 1.5.8.
The primary impact of CVE-2025-0896 is unauthorized access to the Orthanc server. Because Orthanc is frequently used in medical imaging environments, this could lead to the exposure of Protected Health Information (PHI) and other sensitive patient data. An attacker could potentially download entire datasets of medical images, modify existing images, or even inject malicious images into the system. The lack of authentication means that no credentials are required to access the server, significantly lowering the barrier to entry for attackers. This vulnerability presents a high risk of data breach and potential regulatory penalties.
This vulnerability is considered high-risk due to its critical CVSS score and the potential for significant data exposure. No public proof-of-concept (PoC) code has been released as of the publication date, but the ease of exploitation makes it likely that attackers will develop and deploy exploits. The vulnerability was disclosed publicly on 2025-02-13. It is not currently listed in the CISA KEV catalog.
Healthcare organizations utilizing Orthanc server for medical image storage and retrieval are at significant risk. This includes hospitals, clinics, radiology centers, and research institutions. Organizations with legacy Orthanc deployments or those that have not implemented proper security configurations are particularly vulnerable.
• windows / supply-chain: Monitor network traffic for unauthorized access attempts to the Orthanc server on the default port. Use Windows Defender to scan for suspicious processes or files associated with Orthanc.
• linux / server: Use journalctl -u orthanc to monitor Orthanc logs for unusual activity. Implement auditd rules to track access attempts to the Orthanc server.
• generic web: Use curl -I <orthancserverip> to check if remote access is enabled without authentication. Examine access logs for unauthorized access attempts.
EPSS: 0.30% (53rd percentile)
The primary mitigation for CVE-2025-0896 is to upgrade Orthanc server to version 1.5.8 or later. If upgrading is not immediately possible, consider temporarily disabling remote access functionality. As a secondary measure, implement a Web Application Firewall (WAF) with rules to block unauthorized access attempts to the Orthanc server. Ensure that any existing firewall rules are reviewed and updated to restrict access to only authorized IP addresses. After upgrading, confirm the fix by attempting to access the Orthanc server remotely without providing credentials; access should be denied.
Upgrade the Orthanc server to version 1.5.8 or later. Configure basic authentication to restrict unauthorized access. See the official Orthanc documentation for detailed instructions on enabling authentication.
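An added example, not part of the original advisory or the Orthanc project's own code: a configuration audit for the condition described above, remote access enabled without basic authentication, combined with the fixed-in version check. It assumes the Orthanc configuration keys RemoteAccessAllowed, AuthenticationEnabled and RegisteredUsers, treats a missing key as not enabled, and runs on constructed sample configurations.

```python
import json
import re

FIXED_IN = (1, 5, 8)  # "fixed in" version stated on this page
# Matches a string literal, a // line comment, or a /* block */ comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_json_comments(text):
    """Drop comments but keep string literals, which may contain '//'."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def is_fixed_version(version):
    """True if a dotted numeric version is at or above the fixed release."""
    return tuple(int(p) for p in version.split(".")[:3]) >= FIXED_IN

def audit_orthanc(config_text, version):
    """Return findings for remote access without basic authentication."""
    cfg = json.loads(strip_json_comments(config_text))
    # Assumption: a key missing from the file counts as "not enabled".
    remote = cfg.get("RemoteAccessAllowed") is True
    auth = cfg.get("AuthenticationEnabled") is True
    users = cfg.get("RegisteredUsers") or {}
    findings = []
    if not is_fixed_version(version):
        findings.append(f"version {version} is older than 1.5.8")
    if remote and not auth:
        findings.append("RemoteAccessAllowed is true but AuthenticationEnabled is not")
    elif remote and not users:
        findings.append("AuthenticationEnabled is true but RegisteredUsers is empty")
    return findings

# Constructed sample configurations, not taken from a real deployment.
EXPOSED = """{
  "Name": "pacs // radiology",   // constructed value containing '//'
  "RemoteAccessAllowed": true,   /* reachable from other hosts */
  "AuthenticationEnabled": false
}"""
HARDENED = """{
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": true,
  "RegisteredUsers": {"example-user": "placeholder-password"}
}"""

if __name__ == "__main__":
    print("exposed: ", audit_orthanc(EXPOSED, "1.5.7"))
    print("hardened:", audit_orthanc(HARDENED, "1.5.8"))
```

An empty result means neither condition was found in the file that was checked; it does not replace the unauthenticated access test described above.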
CVE-2025-0896 is a critical vulnerability in Orthanc server versions 0.0 - 1.5.8 that allows unauthorized remote access due to the lack of default basic authentication when remote access is enabled.
You are affected if you are running Orthanc server versions 0.0 through 1.5.8 and have remote access enabled. Check your version and immediately upgrade if vulnerable.
Upgrade Orthanc server to version 1.5.8 or later. If immediate upgrade is not possible, disable remote access until the upgrade can be performed.
While no active exploitation has been confirmed, the ease of exploitation suggests it is likely to be targeted. Monitor your systems closely.
Refer to the Orthanc project's official website and security advisories for the latest information and updates regarding CVE-2025-0896.