CVE-2025-15581: CWE-287 Improper Authentication in orthanc-server orthanc
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
AI Analysis
Technical Summary
CVE-2025-15581 identifies a security vulnerability in the Orthanc server, an open-source DICOM medical imaging archive widely used in healthcare environments. The flaw resides in the HTTP Basic Authentication mechanism of Orthanc versions before 1.12.10: the logic that evaluates the credentials presented on an HTTP request is incorrect, so a caller can end up treated as a more privileged identity than those credentials warrant. The vulnerability is categorized under CWE-287 (Improper Authentication), meaning the defect is in establishing who the caller is, not in a later permission check; once the wrong identity is established, every subsequent authorization decision inherits the error. Orthanc does not use sessions for its REST API, so the flaw should be read as a per-request credential-evaluation problem rather than a session-handling one. Successful exploitation could allow an attacker with limited privileges, or one who can induce some user interaction, to obtain full administrative rights on the Orthanc server, and with them the ability to view, modify or delete medical imaging data, severely impacting confidentiality and integrity. The CVSS 4.0 base score of 4.7 (medium) reflects a network attack vector and low attack complexity, offset by the need for some existing privileges or user interaction, with the principal impact on confidentiality; the full vector string is not reproduced on this page. No public exploit was known at the time of analysis, but the product's presence in critical healthcare infrastructure makes the issue a significant concern. The flaw affects all versions prior to 1.12.10. The advisory gives no patch link; upgrading to 1.12.10 or later is the primary remediation.
Potential Impact
For European organizations, particularly those in the healthcare sector, this vulnerability poses a significant risk. Orthanc servers often store and manage sensitive patient imaging data, and unauthorized administrative access could lead to data breaches, manipulation of medical records, or disruption of healthcare services. The impact extends beyond confidentiality to integrity and availability, as an attacker with administrative rights could alter or delete medical images, change the server configuration, or reconfigure DICOM peers and modalities. Given the reliance on Orthanc in hospitals and medical research institutions across Europe, exploitation could undermine patient trust, and exposure of imaging data would likely constitute a personal data breach under GDPR, which treats health data as a special category. Healthcare providers may additionally face operational disruption and reputational damage. The medium CVSS score reflects the preconditions an attacker must first meet (some existing access or user interaction), not a mild outcome: once those are met the consequence is full administrative control, which warrants prompt attention.
Mitigation Recommendations
1. Upgrade every Orthanc server to version 1.12.10 or later, the first release that corrects the authentication flaw. Confirm the running version afterwards (the REST endpoint /system reports it) rather than trusting a package inventory alone.
2. Audit the authentication configuration: AuthenticationEnabled must be true on any instance reachable over the network, RegisteredUsers must contain no default, shared or weak credentials, and RemoteAccessAllowed should be true only where remote access is actually required.
3. Segment the network so that the Orthanc HTTP port (8042 by default) and DICOM port are reachable only from trusted internal systems and personnel, and terminate TLS in front of Orthanc or enable it on the server so that Basic Authentication credentials do not cross the network in cleartext.
4. Enable detailed logging of authentication attempts and administrative actions, forward it to central monitoring, and alert on patterns such as repeated 401 responses followed by successful requests to administrative endpoints.
5. Orthanc's built-in HTTP Basic Authentication has no second factor. Where MFA is required, place an authenticating reverse proxy or identity-aware proxy in front of the HTTP port and do not expose Orthanc's port directly.
6. Review access control policies regularly, assign the minimum privileges each integration or user needs, and remove accounts that are no longer used.
7. Educate staff about phishing and social engineering, since the scoring indicates that user interaction may be one route to the access an attacker needs.
8. Establish incident response procedures specific to medical imaging systems so that a compromised archive can be contained and remediated quickly.
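The two checks a practitioner actually needs from the summary and the mitigation steps above are "is this instance still below 1.12.10?" and "is the Basic Authentication configuration weak?". The following Python script is an added example written for this page, not code from the Orthanc project or from the advisory. It assumes the fixed version is 1.12.10 as stated above, relies on Orthanc's documented configuration.json keys (AuthenticationEnabled, RemoteAccessAllowed, RegisteredUsers, SslEnabled) and its /system REST endpoint, and applies an audit policy (minimum password length, well-known passwords) that is this example's own choice. The sample JSON at the bottom is constructed for the example.

```python
"""Added example (not Orthanc project code): pre-upgrade version check for
CVE-2025-15581 plus an audit of the Basic Authentication settings.

Assumptions, labelled as such:
  - 1.12.10 is the first fixed release (from the advisory); anything lower is affected
  - the audited keys are Orthanc's configuration.json keys; the audit rules are
    this example's own policy, not Orthanc's
  - the sample /system response and configurations are constructed, not captured
"""
import base64
import itertools
import json
import urllib.error
import urllib.request

FIXED_VERSION = (1, 12, 10)        # first release carrying the fix, per the advisory
MIN_PASSWORD_LEN = 12              # example policy
WEAK_PASSWORDS = {"orthanc", "password", "admin", "alicepassword"}  # example list, not exhaustive


def parse_version(text):
    """'1.12.9' -> (1, 12, 9). A suffix such as '-dev' or 'rc1' is dropped, so a
    pre-release is compared by its numeric core (a simplification of this example)."""
    core = text.strip().split("-")[0]
    parts = []
    for piece in core.split("."):
        lead = "".join(itertools.takewhile(str.isdigit, piece))
        parts.append(int(lead) if lead else 0)
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_vulnerable(version):
    """True when the reported version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


def audit_config(cfg):
    """Return (key, message) findings for settings that weaken Basic Auth on the HTTP port."""
    findings = []
    auth = cfg.get("AuthenticationEnabled")
    remote = cfg.get("RemoteAccessAllowed", False)
    users = cfg.get("RegisteredUsers") or {}

    if auth is False:
        findings.append(("AuthenticationEnabled",
                         "authentication is off: the REST API and web UI answer anyone who can reach the port"))
    if remote and auth is not True:
        findings.append(("RemoteAccessAllowed",
                         "remote access is on without AuthenticationEnabled explicitly set to true"))
    if auth is True and not users:
        findings.append(("RegisteredUsers", "authentication is on but no users are registered"))
    for user, password in users.items():
        if len(password) < MIN_PASSWORD_LEN or password.lower() in WEAK_PASSWORDS:
            findings.append(("RegisteredUsers", f"user {user!r} has a short or well-known password"))
    if not cfg.get("SslEnabled", False):
        findings.append(("SslEnabled",
                         "TLS is off: credentials cross the network in cleartext unless a TLS-terminating proxy sits in front"))
    return findings


def fetch_system(base_url, user=None, password=None, timeout=5):
    """GET /system, Orthanc's REST endpoint that reports its version. Returns (status, json_or_None).
    A 401 for a request without credentials is the expected, healthy answer when auth is on."""
    req = urllib.request.Request(base_url.rstrip("/") + "/system")
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:
        return err.code, None


def assess(system_json, cfg):
    """Combine the version check and the configuration audit into one report."""
    version = system_json.get("Version", "0")
    return {"version": version,
            "needs_upgrade": is_vulnerable(version),
            "config_findings": audit_config(cfg)}


# Constructed sample inputs for this example (not captured from a real deployment).
SAMPLE_SYSTEM = {"Name": "ORTHANC", "Version": "1.12.9"}
SAMPLE_WEAK_CONFIG = {"RemoteAccessAllowed": True, "AuthenticationEnabled": False,
                      "RegisteredUsers": {}, "SslEnabled": False}
SAMPLE_HARDENED_CONFIG = {"RemoteAccessAllowed": True, "AuthenticationEnabled": True,
                          "RegisteredUsers": {"pacs-reader": "Kq7!vR2m#Lp9zXw4"}, "SslEnabled": True}

if __name__ == "__main__":
    # Against a live instance: status, body = fetch_system("https://orthanc.example:8042", "user", "secret")
    print(json.dumps(assess(SAMPLE_SYSTEM, SAMPLE_WEAK_CONFIG), indent=2))
```

Run it against the configuration.json of each instance and the body of /system fetched with a read-only account; a non-empty findings list or needs_upgrade set to true means the instance is still on the to-do list for steps 1 and 2 above.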
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: PRJBLK
- Date Reserved: 2026-02-18T03:40:45.397Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699647126aea4a407af0a2b6
Added to database: 2/18/2026, 11:11:14 PM
Last enriched: 2/18/2026, 11:25:47 PM
Last updated: 2/19/2026, 12:33:39 AM
Views: 3