Vertikal Systems Hospital Manager Backend Services
Plan Patch · 7.5 · ICS-CERT ICSMA-25-301-01 · Oct 28, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Vertikal Systems Hospital Manager Backend Services contains information disclosure and sensitive data exposure vulnerabilities (CWE-497, CWE-209) that allow an attacker to obtain unauthorized access and disclose sensitive information without authentication. The vulnerabilities affect Hospital Manager Backend Services versions prior to September 19, 2025. Vertikal Systems released a fix by September 19, 2025.
What this means
What could happen
An attacker could gain unauthorized access to the Hospital Manager Backend Services and read sensitive patient or operational data without authentication. This could expose protected health information and compromise patient privacy.
Who's at risk
Healthcare organizations operating Vertikal Systems Hospital Manager Backend Services need to address this vulnerability. This backend system manages hospital operations and patient data, so unauthorized information disclosure could expose sensitive medical records and operational details to attackers.
How it could be exploited
An attacker on the network could send a request to the Hospital Manager Backend Services without credentials and retrieve sensitive information due to insufficient access controls and information disclosure vulnerabilities. No special complexity or authentication is required.
Prerequisites
- Network access to the Hospital Manager Backend Services
- No valid credentials required
- Service must be reachable from attacker's network location
remotely exploitable · no authentication required · low complexity · sensitive healthcare data exposure · information disclosure of protected health information
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Hospital Manager Backend Services: <=September_19_2025 | ≤ September 19 2025 | September_19_2025
Remediation & Mitigation
Do now
- HARDENING: Ensure Hospital Manager Backend Services are not exposed to the Internet or untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Contact Vertikal Systems support to obtain the September 19, 2025 or later update that fixes these vulnerabilities
- HARDENING: Place the Hospital Manager Backend Services behind a firewall and isolate from the business network when possible
- HARDENING: If remote access to the services is required, implement a VPN with the most current version available
CVEs (2)