OrthoView
Security Vulnerability
CVE-2025-23049 — Security vulnerability in OrthoView 7.5.1 and earlier versions
Date: 23 June, 2025
A security issue was discovered in OrthoView 7.5.1 and earlier versions. Under certain conditions, unauthenticated users may be able to execute arbitrary commands on the OrthoView server.
Vulnerability details:
- Vulnerability impact: arbitrary code execution
- Severity: high
- CVSS score: 8.4
- CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L
- CVE number: CVE-2025-23049
Solution
Determine whether you are vulnerable. The vulnerability only affects OrthoView installations with servlet sharing enabled. If you do not have that functionality enabled, you are not affected by this vulnerability and do not need to undertake any additional mitigation steps.
If your OrthoView installation has servlet sharing enabled, you are vulnerable, and you need to undertake additional steps to mitigate the vulnerability. Please contact OrthoView support via orthoviewsupport@materialise.co.uk for more information.
Last modified: 23 June, 2025
L-104713-01