CVE-2025-11671 is a vulnerability identified in the Uniweb/SoliPACS WebServer developed by EBM Technologies. The root cause is a missing authentication mechanism on a critical web function, specifically a page that, when accessed, reveals sensitive information such as account names and IP addresses. This vulnerability falls under CWE-306, which pertains to missing authentication for critical functions. The flaw allows unauthenticated remote attackers to directly access this page without any credentials or user interaction, making exploitation straightforward over the network. The CVSS v3.1 base score is 5.3 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), limited confidentiality impact (C:L), and no impact on integrity or availability (I:N/A:N). Although no public exploits are currently known, the disclosed information could facilitate further attacks by providing attackers with internal account names and IP addresses, which are valuable for reconnaissance and lateral movement. The affected versions are unspecified (noted as '0'), suggesting possibly all current versions or a placeholder. No patches have been linked yet, indicating that remediation may require vendor engagement or temporary mitigations. This vulnerability highlights a critical lapse in access control on a web server component used in medical imaging or healthcare environments, where Uniweb/SoliPACS is typically deployed.

For European organizations, especially those in healthcare and medical imaging sectors that rely on Uniweb/SoliPACS WebServer, this vulnerability poses a risk of unauthorized information disclosure. The exposure of account names and IP addresses can aid attackers in mapping internal networks, identifying valid user accounts, and planning targeted attacks such as phishing, credential stuffing, or lateral movement within the network. While the vulnerability does not directly compromise data integrity or availability, the confidentiality breach can lead to further exploitation. Given the critical nature of healthcare data and the regulatory environment in Europe (e.g., GDPR), even limited information disclosure can have compliance and reputational consequences. Organizations with interconnected systems or remote access to Uniweb/SoliPACS are particularly vulnerable. The absence of authentication on critical functions also raises concerns about other potential undisclosed vulnerabilities. The medium severity rating suggests a moderate but non-trivial impact, warranting prompt attention to prevent escalation.

1. Immediately restrict network access to the Uniweb/SoliPACS WebServer, especially the specific page identified as vulnerable, using firewalls, VPNs, or network segmentation to limit exposure to trusted users only. 2. Implement web application firewalls (WAF) with custom rules to detect and block unauthorized access attempts to the vulnerable endpoint. 3. Conduct thorough audits of the Uniweb/SoliPACS WebServer configuration to ensure all critical functions require proper authentication and authorization. 4. Engage with EBM Technologies to obtain official patches or updates addressing the missing authentication issue; if unavailable, request guidance or temporary workarounds. 5. Monitor logs and network traffic for unusual access patterns or reconnaissance activities targeting the web server. 6. Educate IT and security teams about this vulnerability and the importance of securing all web server functions, especially in healthcare environments. 7. Consider deploying intrusion detection systems (IDS) tuned to detect exploitation attempts related to this vulnerability. 8. Review and strengthen overall identity and access management policies to minimize the risk of unauthorized access. 9. Plan for incident response readiness in case exploitation attempts are detected.