Impact
Vitals ESP, developed by Galaxy Software Services, contains an incorrect authorization flaw that permits an authenticated remote attacker to perform certain administrative functions that are normally reserved for privileged users. The vulnerability is classified as an access-control bypass (CWE-863) and could allow an attacker to modify sensitive data, alter system settings, or otherwise gain elevated control within the application. The official CVSS score of 8.7 indicates a high potential impact on confidentiality, integrity, and availability once privilege escalation is achieved.
Affected Systems
The affected product is Galaxy Software Services Vitals ESP. No specific version information is provided in the report, so any deployed instance of Vitals ESP remains potentially vulnerable until a vendor patch is applied.
Risk and Exploitability
The description implies that the attack requires an authenticated remote session, meaning that only users with valid credentials or compromised accounts can exploit the flaw. The high CVSS score signals that, once the attacker has access, they can dramatically elevate privileges. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the lack of publicly known exploits does not reduce the risk: an attacker with legitimate credentials could readily and quickly abuse the vulnerability.