exploitDog

CVE-2025-61959

Опубликовано: 29 окт. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could have facilitated reconnaissance by unauthenticated attackers.

Ссылки

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-301-01
Mitigation
Third Party Advisory
US Government Resource
https://www.vertikalsystems.com/en/products/pm/contact.php
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vertikalsystems:hospital_manager_backend_services:*:*:*:*:*:*:*:*

Версия до 2025-09-19 (включая)

EPSS

Процентиль: 13%

0.00043

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-209

Связанные уязвимости

GHSA-549x-5p4h-q5jp

CVSS3: 5.3

github

3 месяца назад

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could have facilitated reconnaissance by unauthenticated attackers.

EPSS

Процентиль: 13%

0.00043

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-209