CVSS 3.1 Score 6.1 of 10 (medium)


Published Jan 24, 2024
Updated: Jan 30, 2024


CVE-2024-22725 is a reflected cross-site scripting (XSS) vulnerability in Orthanc versions before 1.12.2; it was present in the server's error reporting. The affected products include various versions of r57_3F, r57_3E, r57_3H, and others. To remediate this vulnerability, users should update Orthanc to version 1.12.2 or later. The potential danger this vulnerability poses to an organization is rated as medium severity with a base score of 6.1 out of 10 according to The exploitability score is 2.8 out of 10, and no privileges are required for exploitation. User interaction is required, and the attack vector is through the network. The impact on integrity and confidentiality is low, and the availability impact is none according to CVSS:3.1 metrics.
