CVE-2025-23049: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Materialise OrthoView

Severity: High
Tags: Vulnerability, CVE-2025-23049, cve, cve-2025-23049, cwe-78
Published: Mon Jun 23 2025 (06/23/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Materialise
Product: OrthoView

Description

Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled.

AI-Powered Analysis

AI analysis last updated: 06/23/2025, 11:49:40 UTC

Technical Analysis

CVE-2025-23049 is a high-severity OS Command Injection vulnerability (CWE-78) affecting the Meridian Technique Materialise OrthoView software up to version 7.5.1 when servlet sharing is enabled. OrthoView is a medical imaging software product used primarily in orthopedic planning and visualization. The vulnerability arises due to improper neutralization of special elements in user-supplied input that is passed to operating system commands. This allows an unauthenticated attacker to execute arbitrary OS commands remotely without requiring user interaction. The CVSS 4.0 base score of 8.4 reflects the high impact and relatively low attack complexity, with no privileges or user interaction needed. The vulnerability impacts confidentiality, integrity, and availability, as arbitrary command execution can lead to data theft, modification, or service disruption. The scope is limited to installations where servlet sharing is enabled, which may be a configurable feature in OrthoView environments. No known exploits are currently reported in the wild, and no patches have been published yet. However, the presence of this vulnerability in a medical imaging system used in clinical environments poses significant risks, especially given the critical nature of healthcare data and operations. Attackers exploiting this flaw could gain control over the underlying system, potentially disrupting patient care workflows or exfiltrating sensitive medical data.

Potential Impact

For European organizations, particularly healthcare providers and medical imaging centers using Materialise OrthoView, this vulnerability could have severe consequences. Exploitation could lead to unauthorized access to sensitive patient data, violating GDPR and other data protection regulations. Integrity of medical images and planning data could be compromised, leading to incorrect diagnoses or treatment plans. Availability impacts could disrupt clinical operations, causing delays in patient care. Given the critical role of OrthoView in orthopedic planning, any downtime or data manipulation could have direct patient safety implications. Additionally, healthcare organizations in Europe are frequent targets of ransomware and cyber espionage; this vulnerability could be leveraged as an initial access vector or lateral movement tool. The lack of authentication and user interaction requirements increases the risk of automated exploitation attempts. Overall, the vulnerability poses a high risk to confidentiality, integrity, and availability of healthcare services and data in Europe.

Mitigation Recommendations

1. Immediately audit all OrthoView installations to identify whether servlet sharing is enabled; disable this feature if it is not strictly necessary.
2. Implement strict network segmentation and firewall rules to restrict access to OrthoView servers, limiting exposure to trusted internal networks only.
3. Monitor logs and network traffic for unusual command execution patterns or unexpected system calls originating from OrthoView processes.
4. Apply the principle of least privilege to the OrthoView service account to minimize the potential damage from command execution.
5. Engage with Materialise support to obtain patches or workarounds as soon as they become available.
6. Consider deploying application-layer firewalls or intrusion prevention systems with custom rules to detect and block command injection payloads targeting OrthoView.
7. Conduct regular security assessments and penetration tests focusing on medical imaging infrastructure.
8. Educate IT and security teams about this specific vulnerability and ensure incident response plans include scenarios involving medical device compromise.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-01-10T00:00:00.000Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68593bc4179a4edd60b676fd

Added to database: 6/23/2025, 11:34:28 AM

Last enriched: 6/23/2025, 11:49:40 AM

Last updated: 8/5/2025, 9:56:54 AM