CVE-2025-0896
Published: 13 February 2025
Summary
CVE-2025-0896 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Orthanc-Server Orthanc. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 47.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-17 (Remote Access).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-17 (Remote Access): establishes and enforces remote access policies that require authentication, directly preventing unauthorized network access to the Orthanc server when remote access is enabled.
- AC-14 (Permitted Actions Without Identification or Authentication): limits and monitors the specific actions permitted without identification or authentication, mitigating the missing basic authentication for critical server functions.
- Secure configuration settings: mandates configuration baselines that enable authentication by default for remote access, addressing the Orthanc server's vulnerable default configuration.
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Missing authentication on a public-facing Orthanc server (CWE-306) directly enables remote exploitation without credentials or user interaction.
NVD Description
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.
Deeper analysis
CVE-2025-0896 is a critical authentication vulnerability in Orthanc server versions prior to 1.5.8. The issue arises because the server does not enable basic authentication by default when remote access is configured, potentially exposing the service to unauthorized access by attackers. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function). Published on 2025-02-13, this flaw affects Orthanc, an open-source DICOM server commonly used in medical imaging environments.
Any unauthenticated attacker with network access to the Orthanc server can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Exploitation enables unauthorized access to the server, resulting in high-impact consequences across confidentiality, integrity, and availability, such as viewing sensitive patient data, altering DICOM resources, or denying service.
The CISA ICS medical advisory ICSMA-25-037-02 provides additional details on this vulnerability: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-02. Mitigation requires upgrading to Orthanc server version 1.5.8 or later, along with ensuring proper authentication configuration for remote access.
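As an added defender's check (not part of this record or of the Orthanc project), the following Python assesses an Orthanc configuration dictionary for the exposed combination described above: remote access allowed while authentication is off or left to the pre-1.5.8 default. It reads the real Orthanc options RemoteAccessAllowed, AuthenticationEnabled and RegisteredUsers; the two sample configurations are constructed for illustration.

```python
from typing import List, Tuple

FIXED_VERSION = (1, 5, 8)  # per the NVD description, defaults were corrected in 1.5.8


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn an Orthanc version string such as '1.5.7' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))


def assess_orthanc_config(config: dict, version: str) -> List[str]:
    """Return findings for an Orthanc configuration dict and the server version.

    Options checked (real Orthanc configuration keys):
      RemoteAccessAllowed   - whether the HTTP/REST server listens beyond localhost
      AuthenticationEnabled - whether HTTP basic authentication is enforced
      RegisteredUsers       - the username -> password map used by basic auth
    """
    findings: List[str] = []
    remote = config.get("RemoteAccessAllowed", False)
    auth = config.get("AuthenticationEnabled")  # None means "not set, use the default"
    users = config.get("RegisteredUsers", {})

    if not remote:
        return findings  # localhost only; CVE-2025-0896 concerns remote access

    if auth is False:
        findings.append("RemoteAccessAllowed is true but AuthenticationEnabled is explicitly false")
    elif auth is None and parse_version(version) < FIXED_VERSION:
        # The CVE-2025-0896 condition: pre-1.5.8 leaves authentication off when unset.
        findings.append(f"Orthanc {version} is older than 1.5.8 and AuthenticationEnabled is unset: "
                        "remote access is allowed without authentication")
    elif auth is None:
        findings.append("AuthenticationEnabled is unset; set it to true explicitly rather than "
                        "relying on the 1.5.8+ default")
    if auth is not False and not users:
        findings.append("No RegisteredUsers defined: add at least one account before exposing the server")
    return findings


# Constructed sample configurations (not taken from any real deployment).
VULNERABLE_CONFIG = {"RemoteAccessAllowed": True}  # pre-1.5.8: reachable remotely, no auth
HARDENED_CONFIG = {
    "RemoteAccessAllowed": True,
    "AuthenticationEnabled": True,
    "RegisteredUsers": {"pacs-admin": "<set a strong, unique password>"},
}

if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, assess_orthanc_config(cfg, "1.5.7") or ["OK"])
```

Orthanc's own orthanc.json may contain comments, which must be stripped before feeding the file to a strict JSON parser.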
Details
- CWE(s)