CVE-2025-15581
Orthanc 1.12.9 User Impersonation
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
https://www.cve.org/CVERecord?id=CVE-2025-15581
Orthanc 1.12.9 User Impersonation
A simple code review can lead to some quick wins if you know where to look. A couple hours of staring at C++ code led us to a user impersonation vulnerability in Orthanc 1.12.9.
Nikolai Makaroff