CVE-2025-0896 · CRITICAL 9.8 · EPSS p81.5%

Description

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.35% probability of exploitation · percentile 81.5% · 2026-06-19T12:03:05Z
Published: 2025-02-13
Last modified: 2025-07-30

Underlying weaknesses · 1

CWE-306

References

  1. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-02

Type | Target | Confidence | Tier
Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1387
  2. CVE-2026-10528
  3. CVE-2025-8093
  4. CVE-2025-28202
  5. CVE-2025-30026
  6. CVE-2025-8025

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.