CVE-2025-50594

Danphe Health · Hospital Management System EMR

A critical authentication vulnerability in the Danphe Health Hospital Management System EMR version 3.2 allows unauthorized attackers to reset user account passwords via the SecuritySettingsController.

Executive summary

A critical vulnerability in Danphe Health Hospital Management System EMR allows unauthorized attackers to reset any user account password, leading to complete account takeover.

Vulnerability

The flaw resides in the SecuritySettingsController.cs file, which fails to properly validate requests, allowing an attacker to trigger a password reset for arbitrary accounts. This is a severe authentication/authorization flaw affecting the system's security settings.

Business impact

With a CVSS score of 9.8, this vulnerability presents a catastrophic risk to the confidentiality and integrity of sensitive patient health information. Unauthorized password resets enable attackers to take over administrative or provider accounts, leading to potential data theft, unauthorized medical record modification, and severe regulatory non-compliance.

Remediation

Immediate Action: Contact Danphe Health support to obtain and apply the necessary security patch for version 3.2.

Proactive Monitoring: Audit user account changes and password reset logs for suspicious activity, particularly those occurring outside of standard administrative workflows.

Compensating Controls: Implement strict network-level access controls to the EMR system and, where possible, use a Web Application Firewall (WAF) to restrict access to the affected controller endpoints.
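A sketch of the password reset audit described under Proactive Monitoring, added here as an example and not taken from Danphe Health or the advisory. The log schema, account names, admin list and admin network are all assumptions to be replaced with your deployment's actual audit source and policy.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed site policy (not from the advisory): reset-capable admins and their network.
RESET_ADMINS = {"it.admin"}
ADMIN_NET = ip_network("10.20.0.0/24")
BURST_TARGETS, BURST_WINDOW = 3, timedelta(minutes=10)

# Constructed sample audit records (hypothetical schema, one JSON object per line).
SAMPLE_LOG = """\
{"ts":"2025-07-01T09:02:11","event":"password_reset","actor":"it.admin","target":"nurse01","src_ip":"10.20.0.15"}
{"ts":"2025-07-01T09:40:03","event":"password_reset","actor":"dr.rai","target":"dr.rai","src_ip":"10.30.4.8"}
{"ts":"2025-07-02T02:13:40","event":"password_reset","actor":null,"target":"admin","src_ip":"203.0.113.7"}
{"ts":"2025-07-02T02:14:05","event":"password_reset","actor":null,"target":"dr.rai","src_ip":"203.0.113.7"}
{"ts":"2025-07-02T02:15:30","event":"password_reset","actor":null,"target":"billing02","src_ip":"203.0.113.7"}
{"ts":"2025-07-02T11:00:00","event":"password_reset","actor":"nurse01","target":"dr.rai","src_ip":"10.30.4.9"}
{"ts":"2025-07-02T11:05:00","event":"login","actor":"nurse01","target":"nurse01","src_ip":"10.30.4.9"}
"""

def audit_resets(log_text):
    """Return (record, reasons) for every password reset that looks out of workflow."""
    findings, recent = [], defaultdict(list)  # recent: src_ip -> [(time, target)]
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        if rec.get("event") != "password_reset":
            continue
        when = datetime.fromisoformat(rec["ts"])
        actor, target, src = rec.get("actor"), rec["target"], rec["src_ip"]
        reasons = []
        if not actor:
            reasons.append("no authenticated actor")
        elif actor != target and actor not in RESET_ADMINS:
            reasons.append("non-admin reset of another account")
        if actor != target and ip_address(src) not in ADMIN_NET:
            reasons.append("reset of another account from outside admin network")
        # Sliding window: many distinct accounts reset from one source address.
        recent[src] = [(t, u) for t, u in recent[src] if when - t <= BURST_WINDOW]
        recent[src].append((when, target))
        if len({u for _, u in recent[src]}) >= BURST_TARGETS:
            reasons.append("burst of resets from one source")
        if reasons:
            findings.append((rec, reasons))
    return findings

if __name__ == "__main__":
    for rec, reasons in audit_resets(SAMPLE_LOG):
        print(rec["ts"], rec["target"], rec["src_ip"], "; ".join(reasons))
```

Resets with no authenticated actor are the closest match to the flaw described here, so treat any such record as an incident lead and confirm with the account owner whether the reset was requested.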

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This is an extremely high-risk vulnerability that directly threatens sensitive healthcare data. It is imperative that administrators coordinate with the vendor to deploy the patch immediately and conduct a thorough audit of account access logs to determine whether a compromise has already occurred.