First published: Thu Feb 13 2025
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Orthanc Server | <1.5.8 |
Orthanc recommends that users update to the latest version (https://www.orthanc-server.com/download.php) or enable HTTP authentication by setting "AuthenticationEnabled": true in the configuration file.
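The following check for the condition described above is an added example, not code from Orthanc or from this advisory. It parses an Orthanc JSON configuration (which may contain C-style comments) and reports when remote access is on without "AuthenticationEnabled": true. It assumes that "RemoteAccessAllowed" is the option behind "remote access" and that it defaults to false when absent; the sample configurations are constructed.

```python
import json

def strip_json_comments(text):
    """Remove // and /* */ comments, leaving string literals untouched."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep the escaped character, e.g. \"
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):       # line comment: skip up to the newline
            while i < n and text[i] != "\n":
                i += 1
            continue
        elif text.startswith("/*", i):       # block comment: skip past the closing */
            end = text.find("*/", i + 2)
            i = n if end == -1 else end + 2
            continue
        else:
            out.append(c)
        i += 1
    return "".join(out)

def audit_orthanc_config(text):
    """Return findings for the CVE-2025-0896 condition (empty list = none)."""
    cfg = json.loads(strip_json_comments(text))
    remote = cfg.get("RemoteAccessAllowed", False) is True  # assumed key and default
    auth = cfg.get("AuthenticationEnabled")  # before 1.5.8, absent means not enabled
    if remote and auth is not True:
        state = "missing" if auth is None else "set to %r" % (auth,)
        return ["remote access allowed but AuthenticationEnabled is " + state]
    return []

# Constructed sample configurations, not taken from a real deployment.
SAMPLE_EXPOSED = '''{
  // remote access on, no authentication setting
  "Name" : "demo /* not a comment */",
  "RemoteAccessAllowed" : true
}'''
SAMPLE_FIXED = '{ "RemoteAccessAllowed" : true, /* workaround */ "AuthenticationEnabled" : true }'

if __name__ == "__main__":
    print(audit_orthanc_config(SAMPLE_EXPOSED), audit_orthanc_config(SAMPLE_FIXED))
```
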
The severity of CVE-2025-0896 is classified as high due to the potential for unauthorized access to the Orthanc server.
To fix CVE-2025-0896, upgrade to Orthanc Server version 1.5.8 or later, which enables basic authentication by default.
The risks associated with CVE-2025-0896 include unauthorized access to sensitive data and potential exploitation by attackers.
Users of Orthanc Server versions prior to 1.5.8 that have remote access enabled are affected by CVE-2025-0896.
A temporary workaround for CVE-2025-0896 is to manually enable basic authentication in the server settings until an upgrade is performed.