CVE-2025-23049
BaseFortify
Publication date: 2025-06-23
Last updated on: 2025-10-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-23049 is a high-severity security vulnerability in Materialise OrthoView version 7.5.1 and earlier that allows unauthenticated users to execute arbitrary operating system commands on the OrthoView server when servlet sharing is enabled. This means an attacker can run arbitrary code remotely without needing any privileges or user interaction, potentially compromising the server. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary commands on the OrthoView server remotely, which could lead to unauthorized control over the system, data compromise, disruption of service, or further attacks within the network. Since OrthoView is used for orthopaedic planning and integrates with medical imaging systems, exploitation could impact clinical workflows and patient data integrity. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
If your OrthoView installation has servlet sharing enabled, you should contact OrthoView support at [email protected] for guidance. Installations without servlet sharing enabled are not vulnerable and require no mitigation. Immediate mitigation involves disabling servlet sharing if possible or following the vendor's instructions once provided. [1]