PT-2025-44350 · Unknown · Hospital Manager Backend Services
Published
2025-10-29
·
Updated
2025-11-06
·
CVE-2025-61959
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Hospital Manager Backend Services versions prior to September 19, 2025
Description
The Hospital Manager Backend Services returned detailed ASP.NET error pages for invalid requests to the ''WebResource.axd'' endpoint. These error pages revealed framework and ASP.NET version details, stack traces, internal paths, and the insecure configuration
customErrors mode="Off". This information could have been used by unauthenticated attackers for reconnaissance purposes.Recommendations
Ensure the Hospital Manager Backend Services are updated to a version released on or after September 19, 2025.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hospital Manager Backend Services