CVE-2025-61959
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-06
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vertikalsystems | hospital_manager_backend_services | to 2025-09-19 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Hospital Manager Backend Services returning detailed ASP.NET error pages when invalid WebResource.axd requests are made. These error pages disclose sensitive information such as the framework and ASP.NET version, stack traces, internal paths, and reveal that the 'customErrors' configuration is set to 'Off'. This information disclosure could help unauthenticated attackers perform reconnaissance on the system.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing sensitive internal information about the web application, such as framework versions and internal paths. This information can be used by attackers to identify weaknesses or plan further attacks, increasing the risk of unauthorized access or exploitation.