CVE-2025-11672: CWE-306 Missing Authentication for Critical Function in EBM Technologies Uniweb/SoliPACS WebServer
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
AI Analysis
Technical Summary
CVE-2025-11672 identifies a missing authentication vulnerability (CWE-306) in the Uniweb/SoliPACS WebServer developed by EBM Technologies. The vulnerability allows unauthenticated remote attackers to access a particular web page that reveals user group names. This occurs because the affected page does not enforce any authentication or authorization checks, exposing internal user group information to anyone who can reach the web server. The disclosed user group names can provide attackers with valuable intelligence about the system's user roles and permissions, facilitating further targeted attacks such as privilege escalation or social engineering. The vulnerability affects all versions of the product as indicated (version 0 listed, likely meaning all or initial versions). The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) indicates network attack vector, low attack complexity, no authentication or user interaction required, and low impact on confidentiality only. There is no known exploit in the wild, and no patches have been published yet. The vulnerability is classified as medium severity due to the limited scope of information disclosure and lack of direct system compromise. However, it poses a risk as an initial reconnaissance vector in multi-stage attacks against healthcare or medical imaging environments where Uniweb/SoliPACS is deployed.
Potential Impact
For European organizations, especially those in healthcare and medical imaging sectors using Uniweb/SoliPACS WebServer, this vulnerability can lead to unauthorized disclosure of user group information. While the direct impact on confidentiality is low, the information gained can assist attackers in mapping user roles and planning more sophisticated attacks such as privilege escalation or targeted phishing. This could indirectly compromise patient data confidentiality or disrupt healthcare services if followed by further exploitation. The vulnerability does not affect system integrity or availability directly, but the reconnaissance advantage it provides increases the overall risk posture. Given the critical nature of healthcare infrastructure in Europe and strict data protection regulations like GDPR, even limited information disclosure can have regulatory and reputational consequences. Organizations relying on this product should consider the vulnerability a potential stepping stone for attackers and act accordingly.
Mitigation Recommendations
Since no official patches are currently available, European organizations should implement compensating controls immediately. These include restricting network access to the Uniweb/SoliPACS WebServer to trusted internal networks only, using network segmentation and firewalls to block unauthorized external access. Employ web application firewalls (WAFs) to detect and block requests targeting the vulnerable page. Conduct thorough audits of user group configurations and minimize exposed user roles to reduce the value of disclosed information. Monitor web server logs for unusual access patterns to the specific page. Engage with EBM Technologies for timely patch updates and apply them as soon as they are released. Additionally, implement strong authentication and authorization mechanisms on all web server functions and conduct regular security assessments to identify similar weaknesses. Educate IT staff about the risks of missing authentication controls and ensure secure development practices are followed for future updates.
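One way to act on the log-monitoring and network-restriction recommendations above, as an added example that is not part of the advisory or any vendor code: it scans access-log lines for requests to the affected page from outside the trusted network and records whether each was served or blocked. The advisory does not name the page, so `PROTECTED_PATH` is a placeholder; the trusted range, the common/combined log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Assumptions, not from the advisory: it does not name the page, so
# PROTECTED_PATH is a placeholder; TRUSTED_NETS and SAMPLE_LOG are constructed.
PROTECTED_PATH = "/placeholder/group-page"
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

SAMPLE_LOG = """\
10.20.4.17 - - [13/Oct/2025:08:01:12 +0000] "GET /placeholder/group-page HTTP/1.1" 200 512
203.0.113.50 - - [13/Oct/2025:08:02:40 +0000] "GET /Placeholder//group-page?x=1 HTTP/1.1" 200 512
203.0.113.50 - - [13/Oct/2025:08:02:41 +0000] "GET /placeholder/%67roup-page HTTP/1.1" 200 512
198.51.100.9 - - [13/Oct/2025:08:05:03 +0000] "GET /placeholder/group-page HTTP/1.1" 403 150
198.51.100.9 - - [13/Oct/2025:08:05:09 +0000] "GET /index.html HTTP/1.1" 200 2048
not a log line
""".splitlines()

def normalise(target):
    """Drop the query string, decode %-escapes, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).rstrip("/").lower() or "/"

def external_hits(lines):
    """Return (ip, timestamp, verdict) per hit on the page from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalise(m["target"]) != PROTECTED_PATH:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if any(ip in net for net in TRUSTED_NETS):
            continue
        # A 2xx status means the page was served; anything else counts as blocked.
        hits.append((str(ip), m["ts"], "served" if m["status"].startswith("2") else "blocked"))
    return hits

def summarise(hits):
    """Count served vs blocked external hits per source address."""
    return Counter((ip, verdict) for ip, _, verdict in hits)
```

A "served" verdict for an external address means the firewall or WAF rule is not covering the page; "blocked" entries confirm the compensating control is working and show who is probing.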
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: twcert
- Date Reserved: 2025-10-13T05:59:28.184Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ecae3d13a035d7a7575c18
Added to database: 10/13/2025, 7:46:05 AM
Last enriched: 10/13/2025, 7:48:30 AM
Last updated: 10/13/2025, 9:03:17 AM