CVE-2025-15581 MEDIUM

CVE-2025-15581

Vendor Orthanc-Server
Product orthanc
Weakness CWE-287 · Improper authentication
Published February 18, 2026
Last update February 28, 2026

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

Key dates

02Disclosure timeline

February 18, 2026 CVE published
February 28, 2026 Record updated