Cyber Posture

CVE-2025-0896

Critical

Published: 13 February 2025

Modified: 30 July 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0030 (52.9th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.

Security Summary

CVE-2025-0896 is a critical authentication vulnerability in Orthanc server versions prior to 1.5.8. The issue arises because the server does not enable basic authentication by default when remote access is configured, potentially exposing the service to unauthorized access by attackers. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function). Published on 2025-02-13, this flaw affects Orthanc, an open-source DICOM server commonly used in medical imaging environments.

Any unauthenticated attacker with network access to the Orthanc server can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Exploitation enables unauthorized access to the server, resulting in high-impact consequences across confidentiality, integrity, and availability, such as viewing sensitive patient data, altering DICOM resources, or denying service.

The CISA ICS medical advisory ICSMA-25-037-02 provides additional details on this vulnerability: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-02. Mitigation requires upgrading to Orthanc server version 1.5.8 or later, along with ensuring proper authentication configuration for remote access.
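The exposure pattern described above (remote access switched on while HTTP basic authentication is left off) can be checked mechanically in an Orthanc deployment's JSON configuration. The following audit script is an added example, not code from the CVE record, CISA, or the Orthanc project. It assumes the Orthanc configuration keys "RemoteAccessAllowed", "AuthenticationEnabled" and "RegisteredUsers" (none of which are named on this page) and compares a supplied version string against the 1.5.8 fix version given in the summary; the two sample configurations are constructed for the example.

```python
import json

# Assumed Orthanc configuration keys (not named on the CVE page):
#   "RemoteAccessAllowed"   - serve the REST/web API to non-loopback clients
#   "AuthenticationEnabled" - require HTTP basic authentication
#   "RegisteredUsers"       - username -> password map used by basic auth
FIXED_VERSION = (1, 5, 8)  # first release that enables auth by default for remote access


def parse_version(text):
    """Turn a dotted version string such as '1.5.7' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))


def audit_orthanc_config(cfg, version=None):
    """Return a list of findings describing the CVE-2025-0896 exposure pattern.

    cfg is the parsed Orthanc configuration (a dict); version is the running
    Orthanc version string, if known. An empty list means nothing was flagged.
    """
    findings = []
    remote = bool(cfg.get("RemoteAccessAllowed", False))
    auth = cfg.get("AuthenticationEnabled")  # None when the key is absent
    users = cfg.get("RegisteredUsers") or {}

    if version is not None and parse_version(version) < FIXED_VERSION:
        findings.append(f"Orthanc {version} is older than 1.5.8; upgrade to 1.5.8 or later")

    if remote and auth is None:
        # On the affected releases an absent key leaves authentication off,
        # so a remotely reachable server answers without any credentials.
        findings.append("RemoteAccessAllowed is true but AuthenticationEnabled is not set")
    elif remote and auth is False:
        findings.append("RemoteAccessAllowed is true and AuthenticationEnabled is explicitly false")

    if remote and auth is True and not users:
        # Auth is on but no accounts exist, which is a deployment mistake worth flagging too.
        findings.append("AuthenticationEnabled is true but RegisteredUsers is empty")

    return findings


def audit_config_file(path, version=None):
    """Load a comment-free JSON configuration file and audit it."""
    with open(path, "r", encoding="utf-8") as handle:
        return audit_orthanc_config(json.load(handle), version)


# Constructed sample: the weak pre-1.5.8 shape, remote access on, no auth key at all.
WEAK_CONFIG = json.loads("""{
  "Name": "imaging-node",
  "RemoteAccessAllowed": true
}""")

# Constructed sample: the corrected shape, auth on with at least one registered user.
HARDENED_CONFIG = json.loads("""{
  "Name": "imaging-node",
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": true,
  "RegisteredUsers": { "pacs-admin": "REPLACE-WITH-STRONG-PASSWORD" }
}""")


if __name__ == "__main__":
    for label, cfg, ver in (("weak", WEAK_CONFIG, "1.5.7"), ("hardened", HARDENED_CONFIG, "1.5.8")):
        print(f"{label}: {audit_orthanc_config(cfg, ver) or ['no findings']}")
```

The check is intentionally conservative: it flags an absent "AuthenticationEnabled" key rather than trusting the version-dependent default, so the same script gives a useful answer whether or not the build has been upgraded yet. Orthanc's shipped configuration files may contain comments, which the standard json module rejects; strip them or pass an already parsed dict to audit_orthanc_config.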

Details

CWE(s)
CWE-306

Affected Products

orthanc-server
orthanc
≤ 1.5.8

References