CVE-2025-61959 describes an information disclosure issue in Vertikal Systems Hospital Manager Backend Services. Prior to September 19, 2025, invalid WebResource.axd requests could trigger verbose ASP.NET error pages that exposed framework and ASP.NET version details, stack traces, internal paths, and the configuration setting customErrors mode="Off". CISA states the issue was fixed by September 19, 2025. [truncated]
CVE-2025-54459 covers an unauthenticated exposure of the ASP.NET tracing endpoint /trace.axd in Vertikal Systems Hospital Manager Backend Services. The issue could let a remote attacker view live request traces and sensitive information, including request metadata, session identifiers, authorization headers, server variables, and internal file paths. Vertikal Systems reported the issue was fixed by Septem [truncated]
