Platform: other
Component: orthanc-server
Fixed in: 1.5.8
CVE-2025-0896 affects Orthanc server versions prior to 1.5.8. The vulnerability stems from the default configuration: when remote access is enabled, basic authentication is not required. An attacker can exploit this to gain unauthorized access to the Orthanc server, potentially exposing sensitive medical imaging data. The vulnerability was published on 2025-02-13 and a fix is available in version 1.5.8.
The primary impact of CVE-2025-0896 is unauthorized access to the Orthanc server. Because Orthanc is frequently used in medical imaging environments, this could lead to the exposure of Protected Health Information (PHI) and other sensitive patient data. An attacker could potentially download entire datasets of medical images, modify existing images, or even inject malicious images into the system. The lack of authentication means that no credentials are required to access the server, significantly lowering the barrier to entry for attackers. This vulnerability presents a high risk of data breach and potential regulatory penalties.
This vulnerability is considered high-risk due to its critical CVSS score and the potential for significant data exposure. No public proof-of-concept (POC) code has been released as of the publication date, but the ease of exploitation makes it likely that attackers will develop and deploy exploits. The vulnerability was disclosed publicly on 2025-02-13. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.30% (53rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-0896 is to upgrade Orthanc server to version 1.5.8 or later. If upgrading is not immediately possible, consider temporarily disabling remote access functionality. As a secondary measure, implement a Web Application Firewall (WAF) with rules to block unauthorized access attempts to the Orthanc server. Ensure that any existing firewall rules are reviewed and updated to restrict access to only authorized IP addresses. After upgrading, confirm the fix by attempting to access the Orthanc server remotely without providing credentials; access should be denied.
Update the Orthanc server to version 1.5.8 or later. Configure basic authentication to restrict unauthorized access. Refer to the official Orthanc documentation for detailed instructions on how to enable authentication.
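As an added example (not code from the advisory or from the Orthanc project), the following audit reads an Orthanc JSON configuration and reports the weak combination that this CVE describes, with the exposed configuration shown beside its hardened form. The key names RemoteAccessAllowed, AuthenticationEnabled and RegisteredUsers are Orthanc's own documented configuration options, which this page does not quote, and both sample configurations are constructed.

```python
import json
import re

# Key names are Orthanc's documented configuration options; the two sample
# configurations are constructed for this example.
EXPOSED_CONFIG = """
{
  // Constructed: the exposure CVE-2025-0896 describes, reachable from the
  // network with no credentials required.
  "HttpPort" : 8042,
  "RemoteAccessAllowed" : true,
  "AuthenticationEnabled" : false
}
"""

HARDENED_CONFIG = """
{
  "HttpPort" : 8042,
  "RemoteAccessAllowed" : true,
  "AuthenticationEnabled" : true,
  "RegisteredUsers" : { "pacs-reader" : "REPLACE-WITH-A-STRONG-SECRET" }
}
"""

def load_orthanc_config(text):
    """Parse an Orthanc configuration file. Orthanc allows C-style comments in
    its JSON, which json.loads rejects, so /* */ blocks and whole-line //
    comments are stripped first (assumption: no '//' inside a JSON string)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    return json.loads(text)

def audit_orthanc_config(config):
    """Return findings for the exposure behind CVE-2025-0896. The check reads
    the configuration rather than the version: upgrading to 1.5.8 changes the
    default, but a file that explicitly disables authentication stays open."""
    findings = []
    remote = config.get("RemoteAccessAllowed", False)
    auth = config.get("AuthenticationEnabled")
    if remote and auth is False:
        findings.append("remote access allowed with authentication disabled")
    elif remote and auth is None:
        findings.append("remote access allowed, AuthenticationEnabled unset: "
                        "relies on the server default (open before 1.5.8)")
    if remote and auth and not config.get("RegisteredUsers"):
        findings.append("authentication enabled but RegisteredUsers is empty")
    return findings
```

Run the audit against every configuration file an Orthanc instance loads, since options can be split across several files and a later file may override an earlier one.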
CVE-2025-0896 is a critical vulnerability in Orthanc server versions 0.0 - 1.5.8 that allows unauthorized remote access due to the lack of default basic authentication when remote access is enabled.
You are affected if you are running Orthanc server versions 0.0 through 1.5.8 and have remote access enabled. Check your version and immediately upgrade if vulnerable.
Upgrade Orthanc server to version 1.5.8 or later. If immediate upgrade is not possible, disable remote access until the upgrade can be performed.
While no active exploitation has been confirmed, the ease of exploitation suggests it is likely to be targeted. Monitor your systems closely.
Refer to the Orthanc project's official website and security advisories for the latest information and updates regarding CVE-2025-0896.