CVE-2025-50594
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| danphe | health_hospital_management_system_emr | 3.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-50594 is an account takeover vulnerability in Danphe Health Hospital Management System EMR version 3.2. It exists in the /api/SecuritySettings/ResetPassword API endpoint, which allows password resets. The endpoint only checks if a user is authenticated via a valid JWT token but does not verify if the user has administrative privileges or restricts password resets to the user's own account. This means any authenticated user, regardless of role, can reset the password of any other user, including administrators, enabling full account takeover. [1]
How can this vulnerability impact me?
This vulnerability allows an attacker who is authenticated as any user to reset the password of any other user, including administrators. This enables the attacker to take over accounts, potentially gaining full control over the system. Since the application handles Protected Health Information (PHI), exploitation could lead to unauthorized access to sensitive patient data, privacy breaches, and significant security risks. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability poses significant privacy and security risks due to unauthorized access to Protected Health Information (PHI). Exploitation could lead to breaches of confidentiality and unauthorized data access, which would negatively impact compliance with regulations such as GDPR and HIPAA that require strict protection of personal and health information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized password reset attempts against the /api/SecuritySettings/ResetPassword endpoint. You can intercept and analyze PUT requests to this endpoint with a proxy tool such as Burp Suite to confirm whether a password reset for another account is accepted from a session that lacks administrative privileges. Network monitoring tools can be configured to alert on PUT requests to this endpoint from non-admin users. Additionally, reviewing application logs for password reset actions performed by non-administrative accounts against accounts other than their own can reveal exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /api/SecuritySettings/ResetPassword endpoint to only administrative users by implementing proper role-based access control checks. If possible, upgrade the Danphe Health Hospital Management System EMR to version 3.11.11 or later, where the vulnerability has been fixed. In the meantime, monitor and audit password reset activities closely and consider disabling the password reset functionality temporarily if feasible. [1]
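The two answers above describe the same control from two sides: the role-based check the endpoint should enforce (mitigation) and the search for reset requests that would have failed that check (detection). The following is an added example, not code from BaseFortify or from the Danphe product: it encodes the hardened policy as a small function and then replays it over access-log records to flag resets that a non-administrative user performed against someone else's account. The JSON log format, the field names (`user`, `role`, `target`), the role values and all sample records are constructed assumptions; only the endpoint path and the CWE-640 weakness come from the page.

```python
"""Hardened reset-password policy plus a log replay detector (added example).

Assumptions (not from the page): access logs are one JSON object per line with
the fields method, path, user (subject of the JWT), role (role claim), target
(account being reset) and status. Real deployments will need a different parser.
"""
import json
from dataclasses import dataclass

# Endpoint named in the CVE description; compared case-insensitively because
# ASP.NET routes are not case-sensitive.
RESET_PATH = "/api/SecuritySettings/ResetPassword"


@dataclass(frozen=True)
class ResetRequest:
    requester: str       # account identified by the validated JWT (assumed field)
    requester_role: str  # role claim from the JWT (assumed field)
    target: str          # account whose password is being reset (assumed field)


def reset_allowed(req: ResetRequest) -> bool:
    """Hardened rule: administrators may reset any account; everyone else may
    reset only their own. The vulnerable behaviour the page describes is the
    equivalent of returning True for any authenticated requester."""
    if req.requester_role == "Admin":
        return True
    return req.requester == req.target


def _normalise_path(path: str) -> str:
    """Drop any query string and lower-case the route for comparison."""
    return path.split("?", 1)[0].lower()


def find_suspicious_resets(log_text: str) -> list[dict]:
    """Return one finding per PUT to the reset endpoint that the hardened
    policy would have denied. A finding with status 200 is a reset that the
    vulnerable build actually accepted, not merely an attempt."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed entries instead of aborting the scan
        if rec.get("method", "").upper() != "PUT":
            continue
        if _normalise_path(rec.get("path", "")) != RESET_PATH.lower():
            continue
        req = ResetRequest(
            requester=str(rec.get("user", "")),
            requester_role=str(rec.get("role", "")),
            target=str(rec.get("target", "")),
        )
        if not reset_allowed(req):
            findings.append({
                "line": lineno,
                "requester": req.requester,
                "role": req.requester_role,
                "target": req.target,
                "succeeded": rec.get("status") == 200,
            })
    return findings


# Constructed sample log: two legitimate resets (admin resetting another user,
# a nurse resetting herself), one unrelated request, and two cross-account
# resets by non-administrative users that the policy must flag.
SAMPLE_LOG = """\
{"method":"PUT","path":"/api/SecuritySettings/ResetPassword","user":"alice","role":"Admin","target":"bob","status":200}
{"method":"PUT","path":"/api/securitysettings/resetpassword","user":"bob","role":"Nurse","target":"bob","status":200}
{"method":"PUT","path":"/api/SecuritySettings/ResetPassword","user":"bob","role":"Nurse","target":"alice","status":200}
{"method":"GET","path":"/api/Patient/List","user":"bob","role":"Nurse","status":200}
{"method":"PUT","path":"/api/SecuritySettings/ResetPassword?x=1","user":"carol","role":"Doctor","target":"alice","status":403}
"""

if __name__ == "__main__":
    for f in find_suspicious_resets(SAMPLE_LOG):
        print(f)
```

Running the block prints the two flagged records (lines 3 and 5 of the sample). The `succeeded` field separates confirmed exploitation (a 200 on a cross-account reset by a non-admin, which is exactly the condition the fixed version should reject) from a blocked attempt, which is the distinction an incident responder needs when deciding whether credentials for the target account must be rotated.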