CVE-2025-11671 identifies a missing authentication vulnerability (CWE-306) in the Uniweb/SoliPACS WebServer developed by EBM Technologies. This vulnerability allows unauthenticated remote attackers to directly access a specific web page without any authentication checks. The exposed page reveals sensitive information including account names and IP addresses, which can be leveraged for further attacks such as targeted phishing, brute force attempts, or network reconnaissance. The vulnerability is remotely exploitable over the network without requiring any privileges or user interaction, increasing its risk profile. The CVSS v3.1 base score is 5.3 (medium), reflecting the limited impact on confidentiality only, with no impact on integrity or availability. The affected product version is indicated as '0', which likely means all current versions are affected or the versioning is not clearly specified. No patches or fixes have been published at the time of disclosure, and no known exploits have been observed in the wild. The vulnerability arises from a failure to enforce authentication on a critical function, violating secure design principles and exposing internal system information. This exposure can facilitate attackers in mapping the environment and identifying valid accounts, which is often a precursor to more severe attacks. The vulnerability is categorized under CWE-306, emphasizing the lack of authentication controls on sensitive functionality.

For European organizations, particularly those in healthcare or sectors relying on Uniweb/SoliPACS WebServer, this vulnerability poses a risk of sensitive information leakage. Disclosure of account names and IP addresses can enable attackers to conduct targeted attacks such as credential stuffing, social engineering, or lateral movement within networks. While the vulnerability does not directly compromise data integrity or system availability, the loss of confidentiality can undermine trust and lead to regulatory compliance issues under GDPR, especially if the leaked information can be linked to personal data or system access. Healthcare providers and related entities are attractive targets for cybercriminals and nation-state actors, increasing the likelihood of exploitation attempts. The absence of authentication on critical functions also indicates potential systemic weaknesses in the product’s security design, which may be exploited in combination with other vulnerabilities. The medium severity rating reflects a moderate risk but should not lead to complacency given the sensitive nature of the affected environments. Organizations may face reputational damage and increased incident response costs if attackers leverage this information for further compromise.

1. Implement network-level access controls to restrict access to the Uniweb/SoliPACS WebServer, allowing only trusted internal IP ranges or VPN connections. 2. Deploy web application firewalls (WAFs) with custom rules to detect and block unauthorized access attempts to the vulnerable page or similar endpoints. 3. Conduct thorough internal audits of the web server configuration to identify and disable any unauthenticated access points. 4. Monitor logs for unusual access patterns, such as repeated requests to the exposed page or access from unexpected external IP addresses. 5. Engage with EBM Technologies for updates and patches, and apply any security updates promptly once available. 6. Consider isolating the web server within a segmented network zone to limit exposure. 7. Educate security teams to recognize reconnaissance activities that may stem from this vulnerability exploitation. 8. If feasible, implement additional authentication mechanisms or reverse proxies that enforce authentication before requests reach the vulnerable server. 9. Review and strengthen overall authentication and authorization policies for all critical functions within the environment to prevent similar issues.