CRITICAL
Orthanc
CVE published 2025-02-06
CVE-2025-0896
CVE-2025-0896 affects Orthanc Server versions prior to 1.5.8. According to the CISA CSAF advisory, when remote access is enabled, basic authentication is not enabled by default, which can leave the service open to unauthorized access. The advisory rates the issue CVSS 9.8 (Critical). Orthanc advises updating to the latest version or explicitly enabling HTTP authentication by setting AuthenticationEnabled [truncated]