Unprotected ASP.NET Endpoint Vulnerability in Hospital Manager Backend Services
CVE-2025-54459

8.7HIGH

Key Information:

Vendor: Vertikal Systems
Status: Hospital Manager Backend Services
Vendor: CVE Published:; 29 October 2025

🔔 Create Vertikal Systems Vulnerability Alert

What is CVE-2025-54459?

The Hospital Manager Backend Services, prior to September 19, 2025, has a significant vulnerability involving the unprotected ASP.NET tracing endpoint, /trace.axd. This flaw allows unauthorized remote attackers to access sensitive information, including live request traces, session identifiers, authorization headers, server variables, and internal file paths, posing a serious risk to user data security and privacy.

Affected Version(s)

Hospital Manager Backend Services 0

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Oct 8, 2025

Credit

Pundhapat Sichamnong reported these vulnerabilities to CISA.

JSON