ASP.NET Error Handling Issue in Hospital Manager Backend Services
CVE-2025-61959
6.9 MEDIUM
What is CVE-2025-61959?
Hospital Manager Backend Services, prior to September 19, 2025, return verbose ASP.NET error pages in response to invalid WebResource.axd requests. These pages disclose sensitive information such as framework version details, stack traces, and internal file paths. The insecure configuration setting 'customErrors mode="Off"' is also present, which could aid unauthenticated attackers in reconnaissance and increases the risk to the underlying system.
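A way to audit a web.config for the setting named above, as an added example that is not from the advisory or the vendor. The sample configuration and the "api" location path are constructed for illustration, and the check assumes no parent configuration file overrides the ASP.NET default of RemoteOnly.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the affected product: the site root is
# safe for remote clients, but a <location> override turns custom errors off.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <customErrors mode="RemoteOnly" />
  </system.web>
  <location path="api">
    <system.web>
      <customErrors mode="Off" />
    </system.web>
  </location>
</configuration>"""

def _local(tag):
    # Drop any XML namespace so files with an xmlns on <configuration> still match.
    return tag.rsplit("}", 1)[-1]

def _mode_in(scope_node):
    """Return the customErrors mode set directly in this scope, or None."""
    mode = None
    for sysweb in scope_node:
        if _local(sysweb.tag) != "system.web":
            continue
        for child in sysweb:
            if _local(child.tag) == "customErrors":
                # ASP.NET treats a missing mode attribute as RemoteOnly.
                mode = child.get("mode", "RemoteOnly")
    return mode

def audit_custom_errors(config_xml):
    """Return (scope, mode, detailed_errors_sent_to_remote_clients) per scope."""
    root = ET.fromstring(config_xml)
    # Assumption: with no customErrors element, the framework default applies.
    root_mode = _mode_in(root) or "RemoteOnly"
    results = [("(site root)", root_mode, root_mode.lower() == "off")]
    for loc in root:
        if _local(loc.tag) != "location":
            continue
        mode = _mode_in(loc)
        if mode is not None:  # a <location> without customErrors inherits
            results.append((loc.get("path", ""), mode, mode.lower() == "off"))
    return results

if __name__ == "__main__":
    for scope, mode, exposed in audit_custom_errors(SAMPLE_CONFIG):
        print(f"{scope}: customErrors mode={mode} -> {'FAIL' if exposed else 'ok'}")
```

Any scope reported as FAIL serves full ASP.NET error detail to remote clients; setting the mode to On or RemoteOnly with a static error page removes that disclosure.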
Affected Version(s)
Hospital Manager Backend Services 0
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pundhapat Sichamnong reported these vulnerabilities to CISA.
