CVE-2025-50594: n/a
An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password.
AI Analysis
Technical Summary
CVE-2025-50594 is a critical vulnerability identified in the Danphe Health Hospital Management System EMR version 3.2, specifically within the SecuritySettingsController.cs file located in the /Code/Websites/DanpheEMR/Controllers/Settings/ directory. This vulnerability allows an unauthenticated attacker to reset any user account password without requiring any privileges or user interaction. The root cause relates to improper access control and authentication validation in the password reset functionality, classified under CWE-640 (Weak Password Recovery Mechanism). Exploiting this flaw enables an attacker to bypass normal security controls and forcibly reset passwords of arbitrary accounts, potentially including administrative users. The CVSS v3.1 base score is 9.8, reflecting the vulnerability’s critical nature due to network exploitability (AV:N), no required privileges (PR:N), no user interaction (UI:N), and full impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability’s characteristics make it highly exploitable and dangerous. The lack of available patches at the time of publication increases the urgency for mitigation. Given that Danphe Health EMR is a hospital management system, successful exploitation could lead to unauthorized access to sensitive patient data, manipulation of medical records, disruption of hospital operations, and potential violations of healthcare data protection regulations.
Potential Impact
For European organizations, particularly healthcare providers using Danphe Health Hospital Management System EMR 3.2, this vulnerability poses a severe risk. Exploitation could lead to unauthorized access to protected health information (PHI), violating GDPR and other regional data protection laws, resulting in legal penalties and reputational damage. Attackers could alter or delete medical records, impacting patient care and safety. Additionally, disruption of hospital IT systems could cause operational downtime, delaying critical healthcare services. The critical nature of the vulnerability means that attackers can gain control without authentication or user interaction, increasing the likelihood of widespread compromise. Given the sensitivity of healthcare data and the criticality of hospital operations, the impact extends beyond data loss to potential threats to patient health and safety. Furthermore, healthcare institutions are often targeted by ransomware and other cyberattacks, and this vulnerability could be leveraged as an initial access vector or privilege escalation method in multi-stage attacks.
Mitigation Recommendations
Immediate mitigation steps include implementing strict network segmentation and access controls to limit exposure of the Danphe EMR system to untrusted networks. Organizations should monitor and restrict access to the password reset functionality, possibly disabling it temporarily if feasible. Deploying Web Application Firewalls (WAFs) with custom rules to detect and block anomalous password reset requests can provide an additional layer of defense. Since no official patches are available yet, organizations should engage with Danphe Health support to obtain any available hotfixes or workarounds. Conduct thorough audits of user accounts and reset passwords for critical accounts proactively. Implement multi-factor authentication (MFA) for all user accounts to reduce the risk of unauthorized access even if passwords are reset. Regularly monitor logs for suspicious activities related to account management and password resets. Finally, prepare incident response plans specifically addressing potential exploitation scenarios of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 689cc1b5ad5a09ad004d447e
Added to database: 8/13/2025, 4:47:49 PM
Last enriched: 8/21/2025, 1:15:16 AM
Last updated: 11/12/2025, 11:56:34 PM