<ciso brief/>
Tag Banner

All news with #cve-2025-61959 tag

all tags →

Tue, October 28, 2025

Vertikal Systems Hospital Manager Backend Services

#Security Advisory #Patch #Disclosure #CVE-2025-54459 #CVE-2025-61959 #ASP.NET

⚠️ CISA disclosed critical vulnerabilities in Vertikal Systems Hospital Manager Backend Services that were fixed as of September 19, 2025. One flaw exposed the unauthenticated ASP.NET tracing endpoint (/trace.axd), allowing disclosure of request traces, headers, session identifiers, and internal paths. A second flaw returned verbose ASP.NET error pages for invalid WebResource.axd requests, revealing framework versions, stack traces, and server paths. CVE-2025-54459 and CVE-2025-61959 were assigned; organizations should apply vendor updates and follow network isolation best practices.

read more →