
CVE-2025-54459: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in Vertikal Systems Hospital Manager Backend Services

Severity: High
Published: Wed Oct 29 2025 (10/29/2025, 21:51:34 UTC)
Source: CVE Database V5
Vendor/Project: Vertikal Systems
Product: Hospital Manager Backend Services

Description

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.

AI-Powered Analysis

Last updated: 10/29/2025, 22:09:27 UTC

Technical Analysis

CVE-2025-54459 is a vulnerability in Vertikal Systems' Hospital Manager Backend Services: the ASP.NET tracing endpoint /trace.axd was served without any authentication control. The endpoint is the ASP.NET TraceHandler, a debugging aid that lists the most recent requests to the application (up to the configured requestLimit, 10 by default) and, for each one, the full request and response details: HTTP headers, cookies and session identifiers, Authorization headers, form and query-string values, the SERVER_VARIABLES collection (which includes internal host names and the physical path of the application), and the execution trace. Because the endpoint was reachable remotely with no credentials and no user interaction, any attacker who could reach the backend over the network could read the same data that the last few legitimate users had just sent.

The weakness is classified as CWE-497, exposure of sensitive system information to an unauthorized control sphere. The CVSS 4.0 base score of 8.7 reflects a network attack vector with no privileges or user interaction required and a high confidentiality impact. The practical consequence is not limited to information disclosure: a leaked session cookie or bearer token can be replayed to hijack that user's session, and the disclosed file paths and server variables shorten reconnaissance for follow-on attacks. No in-the-wild exploitation had been reported at publication, but the data an exposed trace.axd reveals is exactly what an attacker needs to move from anonymous access to an authenticated one, so the risk to the confidentiality, and through hijacked sessions the integrity, of hospital backend data is significant. The affected product manages hospital operations, so a compromise could expose patient data and disrupt care.

Potential Impact

For European organizations, particularly healthcare providers, this vulnerability could lead to unauthorized disclosure of patient data and internal system information. Leaked session identifiers and Authorization headers raise the risk of session hijacking and unauthorized access to protected resources, which in turn can mean a reportable data breach under GDPR, regulatory penalties, and loss of patient trust. Internal file paths and server variables disclosed through the trace endpoint also facilitate targeted follow-on attacks such as privilege escalation or lateral movement within hospital networks. Because the exposure requires neither authentication nor user interaction, and because the affected system is central to hospital operations, it should be treated as a high-risk issue by any European hospital running Vertikal Systems' Hospital Manager Backend Services.

Mitigation Recommendations

1. Apply the vendor update. The advisory dates the fix to September 19, 2025; confirm that every Hospital Manager Backend Services installation runs a build that no longer serves /trace.axd.
2. Independently of the vendor fix, disable ASP.NET tracing in the application's configuration (trace enabled="false") and unmap the trace.axd handler so the endpoint cannot be re-enabled by a later configuration change.
3. If tracing is genuinely needed for a debugging session, keep it localOnly="true" so the trace log is only served to requests originating on the server itself, restrict the path at the network layer (VPN or IP allowlist) and remove it again when the session ends; tracing should never stay enabled in production.
4. Verify from outside the trust boundary: request /trace.axd from an unauthenticated client and confirm it is refused rather than returning the request listing.
5. Review web server and proxy logs for past requests to /trace.axd. Any successful (HTTP 200) response to an unexpected client should be treated as a disclosure of every session identifier and Authorization header that the trace contained at that moment.
6. If such access is found, invalidate the affected sessions and rotate any API keys or bearer tokens that could have appeared in traced requests; tightening session management (short lifetimes, binding tokens to the client) reduces the value of anything leaked in future.
7. Extend the review to every other diagnostic endpoint and handler (for example elmah.axd or other .axd handlers) on the backend so that no debugging interface is reachable without authentication.
8. Brief IT and security teams on the risk of leaving diagnostic endpoints enabled in production, and include configuration checks for them in routine audits.
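The following Web.config fragment is an added example showing the misconfiguration described in the technical analysis beside the hardened settings from the recommendations above; it is not Vertikal Systems' configuration or a file from the advisory. It assumes a System.Web (ASP.NET Framework) application hosted on IIS in integrated pipeline mode, and the handler names it removes are the ones IIS registers by default in applicationHost.config, which should be verified on the target host.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added hardening example (not Vertikal Systems' configuration). Assumes an
     ASP.NET (System.Web) application hosted on IIS, integrated pipeline. -->
<configuration>
  <system.web>
    <!-- WEAK: a setting like this exposes /trace.axd to any remote client.
         localOnly="false" serves the trace listing to every caller, and
         pageOutput="true" additionally appends trace data to every page.
    <trace enabled="true" localOnly="false" pageOutput="true" requestLimit="40" />
    -->

    <!-- HARDENED: tracing off in production. If a debugging session really
         needs it, set enabled="true" temporarily but keep localOnly="true" so
         only requests from the server itself (127.0.0.1 / ::1) are served,
         and never turn on pageOutput. -->
    <trace enabled="false" localOnly="true" pageOutput="false" />

    <!-- Unmap the classic-pipeline handler so a request for trace.axd cannot
         reach the TraceHandler even if tracing is switched back on. -->
    <httpHandlers>
      <remove verb="*" path="trace.axd" />
    </httpHandlers>
  </system.web>

  <system.webServer>
    <!-- Same unmapping for the integrated pipeline. Handler names are the IIS
         defaults (assumption); check applicationHost.config on the host. -->
    <handlers>
      <remove name="TraceHandler-Integrated" />
      <remove name="TraceHandler-Integrated-4.0" />
    </handlers>
  </system.webServer>

  <!-- Defence in depth: even if a handler is still mapped, deny every principal
       (anonymous and authenticated alike) any request for trace.axd. -->
  <location path="trace.axd">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

After deploying the change, request /trace.axd from an unauthenticated client outside the server and confirm the response is a 403 or 404 rather than the request listing. For a server-wide backstop that does not depend on each application's Web.config, `<deployment retail="true" />` in the machine-level machine.config forces tracing, debug output and detailed error pages off for every ASP.NET application on the host.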


Technical Details

Data Version
5.2
Assigner Short Name
icscert
Date Reserved
2025-10-08T22:13:45.410Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 69028fd8779efea1caa73058

Added to database: 10/29/2025, 10:06:16 PM

Last enriched: 10/29/2025, 10:09:27 PM

Last updated: 10/30/2025, 2:44:47 PM

