Vulnerabilities

CVE-2025-54459

by Fred · 29/10/2025

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.

More information : https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-301-01

Similar

Tags: Cybersecurity Alert