PatchSiren cyber security CVE debrief
CVE-2025-60231 EMV CVE debrief
CVE-2025-60231 is a critical Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital, allowing Object Injection. The issue affects The Hospital from n/a through 1.8.1, with a CVSS score of 9.8. This vulnerability was published on 2026-06-17T14:17:31.167Z and last modified on 2026-06-17T15:16:36.080Z. Users should update to a patched version to prevent potential attacks.
- Vendor
- EMV
- Product
- The Hospital
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Administrators and users of EMV The Hospital nrghospital, especially those using versions from n/a through 1.8.1, should be aware of this critical vulnerability and take immediate action to update to a patched version.
Technical summary
The CVE-2025-60231 vulnerability is caused by a Deserialization of Untrusted Data issue in EMV The Hospital nrghospital, which allows for Object Injection. This vulnerability has a CVSS score of 9.8, indicating a critical severity level. The affected product is The Hospital, with versions ranging from n/a to 1.8.1 being vulnerable.
Defensive priority
high
Recommended defensive actions
- Update The Hospital to a patched version.
- Restrict access to sensitive areas of the application.
- Implement input validation and sanitization.
- Use secure deserialization practices.
- Monitor for suspicious activity.
- Consider using a Web Application Firewall (WAF).
- Keep software and dependencies up-to-date.
Evidence notes
The information provided is based on data from the CVE.org and NVD databases. The CVE record and NVD detail pages provide further information on this vulnerability.
Official resources
-
CVE-2025-60231 CVE record
CVE.org
-
CVE-2025-60231 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
public