CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-54459

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-301-01

Products affected by CVE-2025-54459

Vertikalsystems » Hospital Manager Backend Services » Version: Any

cpe:2.3:a:vertikalsystems:hospital_manager_backend_services:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-54459

Products

Pricing

Contact Us