CVE-2025-0896

Published Feb 13, 2025

Last updated 10 days ago

CVSS critical 9.2

Overview

Description
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.
Source
ics-cert@hq.dhs.gov
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

ics-cert@hq.dhs.gov
CWE-306

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-0896 ⚠️🔴 CRITICAL (9.2) 🏢 Orthanc - Orthanc server 🏗️ 0 🔗 https://t.co/KAOez2ShHg #CyberCron #VulnAlert https://t.co/XWLUY44eOn

    @cybercronai

    13 Feb 2025

    20 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  2. A critical vulnerability (CVE-2025-0896) in Orthanc servers threatens healthcare data security, allowing unauthorized access due to weak defaults. Strong configurations are essential. ⚠️ #HealthcareSecurity #MedicalData #USA link: https://t.co/zrkPxAGqtn https://t.co/HBNRlNYvDb

    @TweetThreatNews

    10 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-0896

    @transilienceai

    10 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 🚨🚨CVE-2025-0896 (CVSS: 9.8) : Orthanc DICOM Server Flaw Exposes Medical Images to Unauthorized Access ⚠️This vulnerability means that anyone with network access to an affected Orthanc server could potentially gain unauthorized access to the server and the medical images it… htt

    @zoomeye_team

    10 Feb 2025

    171 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-0896

    @transilienceai

    9 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-0896

    @transilienceai

    9 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-0896

    @transilienceai

    7 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

References