CVE-2025-11672: CWE-306 Missing Authentication for Critical Function in EBM Technologies Uniweb/SoliPACS WebServer
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
AI Analysis
Technical Summary
CVE-2025-11672 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in the Uniweb/SoliPACS WebServer developed by EBM Technologies. The vulnerability arises because a specific web page within the product lacks proper authentication controls, allowing any remote attacker to access it without credentials. This page discloses user group names, which are sensitive internal details that can provide attackers with valuable information about the organizational structure and user privileges. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The confidentiality impact is low (VC:L), limited to the disclosed user group names, and there is no impact on integrity or availability. The vulnerability affects all versions identified (version 0), and no patches or known exploits are currently available. The lack of authentication on this critical function represents a significant security oversight, as it facilitates reconnaissance activities that could precede more damaging attacks such as privilege escalation or targeted intrusions. Given the product's use in environments like healthcare, where Uniweb/SoliPACS is often deployed for medical imaging and patient data management, the exposure of user group information could aid attackers in crafting sophisticated attacks against sensitive systems.
Potential Impact
For European organizations, particularly those in healthcare and sectors relying on Uniweb/SoliPACS WebServer, this vulnerability poses a risk primarily to confidentiality by leaking user group information. While it does not directly allow system compromise or data modification, the disclosed information can be leveraged by attackers to map user roles and plan targeted attacks such as phishing, social engineering, or privilege escalation attempts. This could lead to unauthorized access to sensitive patient data or disruption of healthcare services. The impact is heightened in environments with strict data protection regulations like GDPR, where unauthorized disclosure of internal user information can lead to compliance issues and reputational damage. Additionally, healthcare infrastructure is often a high-value target for cyberattacks in Europe, increasing the strategic importance of mitigating this vulnerability promptly.
Mitigation Recommendations
1. Immediately implement authentication controls on the affected web page to restrict access to authorized users only.
2. Conduct a thorough security review of all web server endpoints to ensure no other critical functions lack proper authentication.
3. Monitor web server logs for unusual or unauthorized access attempts to the vulnerable page or similar endpoints.
4. Employ network segmentation and firewall rules to limit external access to the Uniweb/SoliPACS WebServer, restricting it to trusted internal networks where possible.
5. Engage with EBM Technologies for official patches or updates addressing this vulnerability and apply them as soon as they become available.
6. Educate IT and security teams about the risks of information disclosure vulnerabilities and incorporate regular vulnerability scanning focused on authentication controls.
7. Consider deploying web application firewalls (WAFs) with custom rules to block unauthorized access attempts to sensitive pages until patches are applied.
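The log monitoring in recommendation 3, combined with the trusted-network boundary from recommendation 4, can be sketched as follows. This is an added example, not code from EBM Technologies or the advisory. It assumes the server or a reverse proxy in front of it writes Common/Combined Log Format with the authenticated user in the third field; the path, the trusted range, and the log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the advisory): Common/Combined Log Format, and a path
# supplied by the operator. The path below is a placeholder, not the real page.
PROTECTED_PATHS = {"/PLACEHOLDER/affected-page"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
10.1.2.3 - alice [13/Oct/2025:08:00:01 +0000] "GET /PLACEHOLDER/affected-page HTTP/1.1" 200 512
203.0.113.7 - - [13/Oct/2025:08:02:10 +0000] "GET /PLACEHOLDER/affected-page HTTP/1.1" 200 512
203.0.113.7 - - [13/Oct/2025:08:02:11 +0000] "GET /PLACEHOLDER/affected-page?x=1 HTTP/1.1" 200 512
198.51.100.9 - - [13/Oct/2025:08:05:00 +0000] "GET /PLACEHOLDER/affected-page HTTP/1.1" 401 0
10.1.2.4 - - [13/Oct/2025:08:06:00 +0000] "GET /PLACEHOLDER/affected-page HTTP/1.1" 200 512
203.0.113.7 - - [13/Oct/2025:08:07:00 +0000] "GET /index.html HTTP/1.1" 200 1024
garbage line that does not parse
"""

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field: treat as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_unauthenticated_hits(log_text):
    """Map client IP -> timestamps of 2xx responses on a protected path with no logged user."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        path = m["target"].split("?", 1)[0]  # ignore the query string when matching
        if path in PROTECTED_PATHS and m["user"] == "-" and m["status"].startswith("2"):
            hits[m["ip"]].append(m["ts"])
    return dict(hits)

def external_sources(hits):
    # Sources outside the trusted networks are the ones to triage first.
    return sorted(ip for ip in hits if not is_trusted(ip))
```

If the application authenticates with session cookies rather than HTTP authentication, the user field stays `-` for every request, so the check has to key on whatever session indicator the deployment actually logs.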
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: twcert
- Date Reserved: 2025-10-13T05:59:28.184Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ecae3d13a035d7a7575c18
Added to database: 10/13/2025, 7:46:05 AM
Last enriched: 10/21/2025, 12:53:37 AM
Last updated: 12/1/2025, 11:00:41 PM