Critical
CVSS 9.8
Overview
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.
CVE-2025-0896
Orthanc server prior to version 1.5.8 does not enable basic authentication by de...
Risk analysis
This vulnerability is rated 🔴 CRITICAL.
- CVSS: 9.8 (CRITICAL)
- Detected tags: unauth_access (tag impact: HIGH)
Recommended actions:
- Enforce authentication/authorization; reduce default endpoint exposure.