Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.7
Old Orthanc Software Allows Unauthorised Access to Admin
CVE-2025-15581
Summary
If you use Orthanc version 1.12.10 or earlier, an attacker could gain full control of your system by exploiting a weakness in the way users are checked for permission. This is a serious issue, as it could allow someone to make changes they shouldn't be able to make. Update to version 1.12.10 or later to fix this issue.
Original title
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation.
Successful exploitation could result in Privilege Escala...
Original description
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation.
Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
nvd CVSS4.0
4.7
Vulnerability type
CWE-287
Improper Authentication
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026