CVE-2025-23049 is an OS Command Injection vulnerability identified in Materialise OrthoView, a software product used primarily in medical imaging and orthopedic planning. The vulnerability exists in versions up to and including 7.5.1 and is triggered when the servlet sharing feature is enabled. Servlet sharing likely involves the reuse or sharing of servlet contexts or resources, which in this case leads to improper sanitization of user-supplied input before it is passed to operating system commands. This improper neutralization of special elements (CWE-78) allows an attacker to inject arbitrary OS commands remotely without authentication or user interaction. The CVSS 4.0 base score of 8.4 reflects the vulnerability's high impact, with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability. The vulnerability could allow attackers to execute commands that compromise the host system, steal sensitive patient data, disrupt medical services, or use the system as a foothold for further network penetration. Although no public exploits are currently known, the vulnerability's characteristics make it a critical risk for healthcare providers using OrthoView, especially in environments where servlet sharing is enabled and external network access is possible.

For European organizations, particularly healthcare providers and medical imaging centers using Materialise OrthoView, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive patient data, disruption of critical medical imaging workflows, and potential manipulation or destruction of medical records. Given the critical nature of healthcare services, any downtime or data breach could have severe consequences for patient care and regulatory compliance under GDPR. Additionally, compromised systems could serve as entry points for broader network attacks, threatening hospital IT infrastructure. The impact extends beyond confidentiality to integrity and availability, potentially causing delays in diagnosis and treatment. The high CVSS score and unauthenticated remote exploitability underscore the urgency for European healthcare entities to prioritize mitigation. The lack of known exploits currently provides a window for proactive defense but also means attackers may develop exploits soon after disclosure.

Immediate mitigation steps include disabling the servlet sharing feature in Materialise OrthoView installations until a vendor patch is available, as this is the condition that enables exploitation. Organizations should monitor network traffic and system logs for unusual command execution patterns or unauthorized access attempts. Network segmentation should be enforced to limit exposure of OrthoView servers to untrusted networks, especially the internet. Access controls must be reviewed and tightened to restrict administrative interfaces to trusted personnel and networks. Once Materialise releases a security patch, it should be applied promptly following thorough testing. Additionally, implementing application-layer firewalls or intrusion prevention systems that can detect and block command injection attempts can provide an additional layer of defense. Regular vulnerability scanning and penetration testing focused on OrthoView deployments can help identify residual risks. Finally, staff training on recognizing signs of compromise and incident response readiness will improve organizational resilience.