{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T18:15:30.805","vulnerabilities":[{"cve":{"id":"CVE-2025-15581","sourceIdentifier":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","published":"2026-02-18T23:16:18.907","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. \n\nSuccessful exploitation could result in Privilege Escalation, potentially allowing full administrative access."},{"lang":"es","value":"Las versiones de Orthanc anteriores a la 1.12.10 se ven afectadas por un fallo de lógica de autorización en la implementación de Autenticación Básica HTTP de la aplicación.\n\nSi se explota con éxito podría provocarse una Escalada de Privilegios, permitiendo potencialmente acceso completo como administrador."}],"metrics":{"cvssMetricV40":[{"source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326","source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a"},{"url":"https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252","source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a"},{"url":"https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation","source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a"},{"url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00033.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}