CVE-2025-23049: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Materialise OrthoView
Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled.
AI Analysis
Technical Summary
CVE-2025-23049 is a high-severity vulnerability classified as CWE-78, an OS Command Injection flaw in Meridian Technique Materialise OrthoView up to and including version 7.5.1. The flaw is reachable only when the servlet sharing feature is enabled; in that configuration an attacker can inject and execute arbitrary operating system commands on the affected server. The root cause is improper neutralization of special elements in user-supplied input that is passed to OS commands without sufficient sanitization or validation. The CVSS 4.0 base score of 8.4 reflects a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N) and no user interaction needed (UI:N); the impact on confidentiality and availability is rated high and the impact on integrity low. Exposure is limited to OrthoView instances with servlet sharing enabled, but the absence of an authentication requirement and the low attack complexity make it a serious threat. No exploits are known in the wild and no patch has been published at the time of this analysis. OrthoView is specialized medical imaging software used primarily in orthopedic planning and diagnostics, so exploitation could lead to unauthorized access to sensitive patient data, manipulation of medical images, or disruption of clinical workflows.
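The CWE-78 pattern described above, shown as a flawed handler beside its hardened form. This is an added example, not code from OrthoView or Materialise: the advisory does not disclose the vulnerable code path. Everything in it is hypothetical, including the converter path, the `study_id` parameter name and the constructed sample inputs; the point is how untrusted input spliced into a shell string differs from an allowlisted value passed in an argv list.

```python
"""Added example (not OrthoView's code): CWE-78 in miniature.

Hypothetical scenario: a servlet-style handler receives a `study_id` request
parameter and must run a converter binary on a file named after it. The binary
path, the parameter name and the sample inputs are constructed for
illustration only.
"""
import re
import shlex
import subprocess
import sys

CONVERTER = "/opt/example/convert"  # placeholder path, never executed here

# Allowlist: the only shape of study_id the handler should ever accept.
STUDY_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def flawed_command(study_id: str) -> str:
    """The vulnerable pattern: untrusted input spliced into a shell string.
    A shell would parse any metacharacters inside study_id as syntax."""
    return f"{CONVERTER} --input /data/{study_id}.dcm"


def quoted_command(study_id: str) -> str:
    """If a shell string is unavoidable, shlex.quote keeps the whole input
    inside one argument. Secondary defence only; prefer hardened_argv."""
    return f"{CONVERTER} --input {shlex.quote('/data/' + study_id + '.dcm')}"


def hardened_argv(study_id: str) -> list:
    """Primary defence: allowlist validation first, then an argv list so that
    no shell is involved at all (subprocess.run with the default shell=False)."""
    if not STUDY_ID_RE.fullmatch(study_id):
        raise ValueError("rejected study_id: %r" % study_id)
    return [CONVERTER, "--input", "/data/%s.dcm" % study_id]


def shell_tokens(command: str) -> list:
    """Words a POSIX shell would see. shlex models quoting and whitespace; it
    does not model ';' or '|' as command separators, which a real shell would
    additionally treat as syntax."""
    return shlex.split(command)


def argv_roundtrip(value: str) -> str:
    """Show that an argv-list call hands the value to the child as a single,
    uninterpreted argument. The child is this Python interpreter, so the demo
    runs anywhere without a real converter binary."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


if __name__ == "__main__":
    hostile = "1234 ;extra-cmd"  # constructed sample: whitespace plus a metacharacter
    print(shell_tokens(flawed_command(hostile)))   # input spills into extra words
    print(shell_tokens(quoted_command(hostile)))   # stays inside one argument
    print(argv_roundtrip(hostile))                 # arrives verbatim, uninterpreted
    try:
        hardened_argv(hostile)
    except ValueError as exc:
        print("validation:", exc)
    print(hardened_argv("study-1234"))
```

The two defences are layered on purpose: the allowlist rejects anything that is not an identifier, and the argv list means that even a value which slipped past validation would reach the child process as data rather than as shell syntax.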
Potential Impact
For European organizations, particularly healthcare providers and medical institutions using Materialise OrthoView, this vulnerability poses significant risks. Exploitation could lead to unauthorized disclosure of sensitive patient health information, violating GDPR and other data protection regulations, resulting in legal and financial penalties. Integrity of medical images and planning data could be compromised, potentially leading to incorrect diagnoses or treatment plans, directly impacting patient safety. Availability disruptions could halt clinical operations, causing delays in patient care. Given the critical nature of healthcare services and the increasing reliance on digital imaging tools, this vulnerability could undermine trust in healthcare IT systems and expose organizations to ransomware or other follow-on attacks if leveraged as an initial access vector.
Mitigation Recommendations
Organizations should immediately review their deployment of Materialise OrthoView and disable servlet sharing if it is not essential, as this is the condition enabling the vulnerability. Until an official patch is released, network-level controls such as web application firewalls (WAFs) should be configured to detect and block suspicious command injection patterns targeting OrthoView endpoints. Strict input validation and sanitization should be enforced on any user inputs interacting with the application. Segmentation of the OrthoView servers from critical network segments and limiting access to trusted personnel can reduce exposure. Continuous monitoring and logging of application and system activities should be enhanced to detect anomalous command executions. Organizations should also engage with Materialise for timely updates and patches and plan for rapid deployment once available. Conducting penetration testing focused on command injection vectors can help identify residual risks.
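One concrete form of the log monitoring and WAF pattern matching recommended above. This is an added example, not code from the advisory, Materialise or any WAF product: it scans constructed web-server access-log lines in combined format, URL-decodes each query parameter and flags values containing shell metacharacters. The endpoint path `/app/servlet/export` and the client addresses are placeholders; the advisory does not name OrthoView's real endpoints.

```python
"""Added example, not from the advisory or the vendor: a small detector for
suspicious command-injection patterns in web access logs.

Assumptions (all hypothetical): logs are in Apache/nginx combined format, the
endpoint /app/servlet/export is a placeholder, and the sample lines below are
constructed for this demonstration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# One combined-log line: client, timestamp, "METHOD TARGET PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Characters a POSIX shell treats as syntax. In a parameter that should hold an
# identifier or filename, their presence is a strong anomaly signal.
SHELL_META = re.compile(r'[;|&`$<>\n]')

# Constructed sample log: one clean request, two suspicious ones, one POST.
CONSTRUCTED_LOG = """\
10.0.0.5 - - [23/Jun/2025:11:34:28 +0000] "GET /app/servlet/export?study=1234 HTTP/1.1" 200 512
10.0.0.9 - - [23/Jun/2025:11:35:02 +0000] "GET /app/servlet/export?study=1234%3Bextra HTTP/1.1" 200 17
10.0.0.9 - - [23/Jun/2025:11:35:40 +0000] "POST /app/servlet/export HTTP/1.1" 302 0
10.0.0.7 - - [23/Jun/2025:11:36:11 +0000] "GET /app/servlet/export?study=%24%28extra%29&fmt=png HTTP/1.1" 500 0
"""


def parse_line(line: str):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(target: str) -> list:
    """(name, decoded value) for each query parameter containing shell
    metacharacters. parse_qsl already URL-decodes once; the extra unquote
    catches double-encoded values."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote(value)
        if SHELL_META.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(log_text: str) -> list:
    """Flag entries whose query parameters look like injection attempts.
    Each hit is (client ip, timestamp, [(param, decoded value), ...])."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        hits = suspicious_params(entry["target"])
        if hits:
            flagged.append((entry["ip"], entry["ts"], hits))
    return flagged


if __name__ == "__main__":
    for ip, ts, hits in scan(CONSTRUCTED_LOG):
        print(f"{ts} {ip} suspicious params: {hits}")
```

A metacharacter denylist like this is useful as a monitoring signal but is not a substitute for the strict input validation the recommendations call for: a per-parameter allowlist (for example, only alphanumeric identifiers in a study parameter) produces fewer false positives and also catches encodings this pattern does not anticipate. Request bodies of POST requests are not in the access log, so body parameters need a WAF or application-level log to be covered.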
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-01-10T00:00:00.000Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68593bc4179a4edd60b676fd
Added to database: 6/23/2025, 11:34:28 AM
Last enriched: 10/2/2025, 12:17:06 AM
Last updated: 10/4/2025, 12:10:09 AM
Views: 40
Related Threats
- CVE-2025-9952: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in sergiotrinity Trinity Audio – Text to Speech AI audio player to convert content into audio (Medium)
- CVE-2025-9886: CWE-352 Cross-Site Request Forgery (CSRF) in sergiotrinity Trinity Audio – Text to Speech AI audio player to convert content into audio (Medium)
- CVE-2025-10383: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in contest-gallery Contest Gallery – Upload, Vote & Sell with PayPal and Stripe (Medium)
- CVE-2025-61895 (Low)
- CVE-2025-61894 (Low)