CVE-2025-63513

6.5 MEDIUM

📋 TL;DR

Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in appointment cancellation functionality. This allows attackers to cancel appointments they don't own by manipulating object references. All users of Hospital Management System v4 are affected.

💻 Affected Systems

Products:
  • kishan0725 Hospital Management System
Versions: v4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of v4 are vulnerable by default. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could cancel all appointments in the system, causing complete disruption of hospital operations and potential patient harm from missed critical appointments.

🟠

Likely Case

Malicious users cancel specific appointments they target, causing operational disruption and patient inconvenience.

🟢

If Mitigated

With proper authorization checks, only appointment owners or authorized staff can cancel appointments, preventing unauthorized access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but minimal technical skill. Public GitHub repository contains proof-of-concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check GitHub issues for community fixes or implement workarounds.

🔧 Temporary Workarounds

Implement Authorization Checks

all

Add server-side authorization checks that verify the requesting user owns the specific appointment (or is authorized staff) before it is cancelled

Manual code modification required - no single command

Use Indirect Reference Maps

all

Replace direct object references (database IDs exposed to the client) with indirect references that are mapped back to the real ID only after an authorization lookup

Manual code modification required - no single command
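Both workarounds above are shown together in the following added example, which is not code from Hospital Management System v4 or its author. It uses a constructed in-memory appointment store: `cancel_vulnerable` reproduces the IDOR pattern (the client-supplied ID is trusted as-is), `cancel_hardened` adds the server-side ownership check, and `ReferenceMap` is an indirect reference map that issues per-user random tokens so the client never handles raw appointment IDs. The store contents, the staff allow-list and the function names are all assumptions made for the example.

```python
"""Added example: ownership check and indirect reference map for appointment
cancellation. Constructed in-memory data; not the project's own code."""
import secrets
from dataclasses import dataclass


@dataclass
class Appointment:
    appt_id: int
    patient_id: int
    status: str = "scheduled"


# Constructed sample data: user 1 owns appointment 101, user 2 owns 102.
def make_store():
    return {101: Appointment(101, patient_id=1),
            102: Appointment(102, patient_id=2)}


STAFF_IDS = frozenset({99})  # constructed: user 99 is authorized staff


class AuthorizationError(PermissionError):
    """Raised when the caller may not act on the referenced appointment."""


def cancel_vulnerable(store, appt_id, current_user_id):
    """IDOR pattern: trusts the client-supplied id and never checks ownership."""
    appt = store[appt_id]
    appt.status = "cancelled"
    return appt.status


def cancel_hardened(store, appt_id, current_user_id):
    """Server-side authorization: only the owner or staff may cancel."""
    appt = store.get(appt_id)
    if appt is None or (appt.patient_id != current_user_id
                        and current_user_id not in STAFF_IDS):
        # One response for "missing" and "not yours": the error message does
        # not reveal whether the guessed id exists.
        raise AuthorizationError("not authorized to cancel this appointment")
    appt.status = "cancelled"
    return appt.status


class ReferenceMap:
    """Indirect reference map: random tokens stand in for database ids."""

    def __init__(self, store):
        self._store = store
        self._token_to_entry = {}  # token -> (user_id, appt_id)

    def issue(self, user_id):
        """Mint tokens only for appointments this user is allowed to see."""
        tokens = {}
        for appt in self._store.values():
            if appt.patient_id == user_id or user_id in STAFF_IDS:
                tok = secrets.token_urlsafe(16)
                self._token_to_entry[tok] = (user_id, appt.appt_id)
                tokens[appt.appt_id] = tok
        return tokens

    def resolve(self, token, user_id):
        """Map a token back to an appointment id, bound to the issuing user."""
        entry = self._token_to_entry.get(token)
        if entry is None or entry[0] != user_id:
            raise AuthorizationError("unknown reference")
        return entry[1]


def cancel_via_map(refmap, token, current_user_id):
    """Cancellation endpoint that accepts a token instead of a raw id."""
    appt_id = refmap.resolve(token, current_user_id)
    # Belt and braces: the ownership check still runs on the resolved id.
    return cancel_hardened(refmap._store, appt_id, current_user_id)


if __name__ == "__main__":
    store = make_store()
    print(cancel_vulnerable(store, 102, 1))   # user 1 cancels user 2's booking
    store = make_store()
    try:
        cancel_hardened(store, 102, 1)
    except AuthorizationError as exc:
        print("blocked:", exc)
```

The indirect map is only useful if the token is bound to the user it was issued to (`resolve` checks that) and the server keeps the ownership check on the resolved ID; a map that any session can look up merely moves the IDOR one layer down.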

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block IDOR patterns
  • Enable detailed logging of all appointment cancellation attempts and monitor for unauthorized access

🔍 How to Verify

Check if Vulnerable:

Test whether you can cancel another user's appointment by modifying the appointment ID parameter in the cancellation request

Check Version:

Check system configuration or about page for version information

Verify Fix Applied:

Verify that an attempt to cancel another user's appointment returns an authorization error and leaves the appointment unchanged

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts for appointment cancellation
  • A user cancelling appointments that are not in their own schedule

Network Indicators:

  • HTTP requests with manipulated appointment IDs in cancellation endpoints

SIEM Query:

source="web_logs" AND (uri="*/cancel_appointment*" OR uri="*/delete_appointment*") AND status=200 AND user_id!=appointment_owner_id
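The SIEM query above needs the appointment owner joined in from the application database. The following added example (not part of the advisory) replays the same logic in Python over constructed web-log lines: it flags successful cancellation requests where the requesting user is not the owner, and it counts repeated 401/403 responses on the cancellation endpoints, matching the two log indicators listed above. The log line format, the URI paths and the ownership table are assumptions made for the example.

```python
"""Added example: offline check mirroring the SIEM query over constructed logs."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed log format: "<timestamp> user_id=<n> <METHOD> <uri> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user_id=(?P<user>\d+) (?P<method>[A-Z]+) "
    r"(?P<uri>\S+) (?P<status>\d{3})$"
)
# Paths from the SIEM query's uri="*/cancel_appointment*" OR "*/delete_appointment*"
CANCEL_PATHS = ("/cancel_appointment", "/delete_appointment")

# Constructed: appointment id -> owning user id (the query's appointment_owner_id)
OWNERS = {101: 1, 102: 2, 103: 2}

# Constructed sample traffic: user 1 cancels its own booking, then someone
# else's, then probes three further ids and is refused each time.
SAMPLE_LOG = """\
2025-11-01T09:00:00Z user_id=1 POST /cancel_appointment?id=101 200
2025-11-01T09:01:10Z user_id=1 POST /cancel_appointment?id=102 200
2025-11-01T09:01:12Z user_id=1 POST /cancel_appointment?id=103 403
2025-11-01T09:01:14Z user_id=1 POST /cancel_appointment?id=104 403
2025-11-01T09:01:16Z user_id=1 POST /cancel_appointment?id=105 403
2025-11-01T09:05:00Z user_id=2 GET /view_appointment?id=102 200
2025-11-01T09:06:00Z user_id=2 POST /delete_appointment?id=103 200
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["uri"])
    ids = parse_qs(parts.query).get("id", [])
    return {
        "ts": m["ts"],
        "user": int(m["user"]),
        "path": parts.path,
        "appt": int(ids[0]) if ids and ids[0].isdigit() else None,
        "status": int(m["status"]),
    }


def is_cancel_path(path):
    return any(path.startswith(p) for p in CANCEL_PATHS)


def unauthorized_cancellations(log_text, owners, staff=frozenset()):
    """Successful (HTTP 200) cancellations by a user who does not own the appointment."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_cancel_path(rec["path"]) or rec["status"] != 200:
            continue
        if rec["user"] in staff:  # staff are allowed to cancel on behalf of patients
            continue
        if owners.get(rec["appt"]) != rec["user"]:
            hits.append((rec["ts"], rec["user"], rec["appt"]))
    return hits


def repeated_auth_failures(log_text, threshold=3):
    """Users with at least `threshold` 401/403 responses on cancellation endpoints."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_cancel_path(rec["path"]) and rec["status"] in (401, 403):
            counts[rec["user"]] += 1
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for hit in unauthorized_cancellations(SAMPLE_LOG, OWNERS):
        print("unauthorized cancellation:", hit)
    print("repeated failures:", repeated_auth_failures(SAMPLE_LOG))
```

On an unpatched v4 install the first detector is the useful one, since every request succeeds; once an authorization check is in place the second detector (a burst of 403s from one account) is what an enumeration attempt looks like in the logs.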

🔗 References
