The Cybersecurity and Infrastructure Security Agency is warning hospitals about two security issues in Vertikal Systems’ Hospital Manager Backend Services that could let hackers see sensitive system information.
In an Oct. 28 advisory, CISA said the problems affect versions of the software released on Sept. 19, 2025, and earlier. The software is used in hospitals and public health systems around the world.
One issue could let attackers view private system details through an exposed tracing tool, including request data, session IDs and authorization information. CISA gave this flaw a CVSS v4 score of 8.7, meaning it is serious and easy to exploit.
The second issue could show detailed error messages that reveal information about how the system is built. CISA gave this flaw a CVSS v4 score of 6.9.
Vertikal Systems, based in Romania, fixed both issues by Sept. 19, according to CISA. The agency said users should update their systems and take extra steps to protect them, such as using firewalls, keeping networks separate and making sure virtual private networks are up to date.
CISA said it has not seen any public reports of hackers exploiting these vulnerabilities.
