Vertikal Systems Hospital Manager Backend Services Generation of Error Message...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could have facilitated reconnaissance by unauthenticated attackers.

Basic Information

ID CVE-2025-61959

Source icscert

Published Oct 29, 2025 at 21:54

Affected Product

Vendor Vertikal Systems

Product Hospital Manager Backend Services

Affected Versions Vertikal Systems Hospital Manager Backend Services 0

CWE Classification

CWE-209

References

{
    "lastseen": "",
    "description": "Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode=\"Off\"', which could have facilitated reconnaissance by unauthenticated attackers.",
    "published": "2025-10-29T21:54:51.533Z",
    "modified": "2025-10-29T21:54:51.533Z",
    "type": "cve",
    "title": "Vertikal Systems Hospital Manager Backend Services Generation of Error Message Containing Sensitive Information",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-301-01\nhttps://www.vertikalsystems.com/en/products/pm/contact.php",
    "id": "CVE-2025-61959",
    "bulletinFamily": "",
    "cwe": [
        "CWE-209"
    ],
    "cvelist": null,
    "sourceData": "Vertikal Systems Hospital Manager Backend Services 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Hospital Manager Backend Services",
    "version": "0",
    "vendor": "Vertikal Systems",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Vertikal Systems Hospital Manager Backend Services Generation of Error Message Containing Sensitive Information_CVE-2025-61959