CVE-2025-61959

EPSS 0.04%
Veröffentlicht 29.10.2025 21:54:51
Zuletzt bearbeitet 06.11.2025 19:20:34
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could have facilitated reconnaissance by unauthenticated attackers.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vertikalsystems ≫ Hospital Manager Backend Services Version <= 2025-09-19

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ics-cert@hq.dhs.gov	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-301-01

Third Party Advisory

US Government Resource

Mitigation

https://www.vertikalsystems.com/en/products/pm/contact.php

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-61959

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61959

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61959

EUVD