CVE-2025-9772
BaseFortify
Publication date: 2025-09-01
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| remoteclinic | remote_clinic | up to 2.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9772 is a critical vulnerability in RemoteClinic version 2.0, specifically in the /staff/edit.php file. It allows attackers to manipulate the 'image' argument to perform unrestricted file uploads without any authentication. This means an attacker can upload malicious files, such as scripts, which the application may automatically process. This flaw arises from insufficient validation and lack of restrictions on the file upload parameter, enabling remote attackers to execute malicious code, gain unauthorized access, and compromise the system's confidentiality, integrity, and availability. [1, 2, 3]
How can this vulnerability impact me?
Exploiting this vulnerability can lead to severe impacts including unauthorized remote code execution, unauthorized system access, data compromise, malware spreading, and potential service disruptions. Attackers can upload malicious scripts that run on the server, manipulate or access sensitive data, and disrupt system operations, severely affecting the security and availability of the affected system. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable endpoint /staff/edit.php on your RemoteClinic 2.0 system. One method is using Google Dorking with the query "inurl:staff/edit.php" to find exposed instances. Additionally, a proof-of-concept exploit involves uploading a PHP shell script using a multipart/form-data POST request. A sample curl command to test exploitability is available, which uploads a test PHP file to the server to confirm if unrestricted upload is possible. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1) Replacing the vulnerable RemoteClinic 2.0 product with an alternative, as it is no longer supported.
2) Implementing strict file upload validation such as MIME type checks, file extension whitelisting, and file content inspection to allow only safe file types (e.g., .jpg, .png).
3) Enforcing file size limits to prevent abuse.
4) Storing uploaded files outside the web root directory to prevent direct execution.
5) Renaming uploaded files with unique random names to avoid path traversal and collisions.
6) Conducting regular security audits of the file upload functionality.
Since no official patches or countermeasures are published, replacing the product or applying these controls is critical. [1, 3]
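The following is an added example, not RemoteClinic's code: a PHP handler for a staff image upload that applies controls 2 through 5 above (content-based type check, size limit, storage outside the web root, random server-chosen name). The upload directory, size limit and function name are assumptions; the endpoint itself must additionally require an authenticated session, since the page notes the flaw is reachable without authentication.

```php
<?php
// Added example (not RemoteClinic code): hardened handling of $_FILES['image'].
// Assumptions: UPLOAD_DIR is outside the web root and never served directly;
// an authenticated, authorized session has already been verified by the caller.

const UPLOAD_DIR = '/var/app/uploads/staff';       // assumed path, not web-served
const MAX_BYTES  = 2 * 1024 * 1024;                 // 2 MiB server-side size limit
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];  // allowlist

function store_staff_image(array $file): string
{
    // 1. Sanity: a genuine PHP upload that completed without transfer errors.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // 2. Size limit enforced on the server, independent of client-side hints.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // 3. Content inspection: derive the type from the bytes, never from the
    //    client-supplied filename or Content-Type header, then allowlist it.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // 4. Parse as an image so a script carrying only a forged image header
    //    is rejected as well.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // 5. Discard the user-supplied name entirely (no extension tricks, no
    //    traversal) and use a random name with a server-chosen extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // never executable; served later via a read-only handler
    return $name;         // reference to store in the staff record
}
```

Serve stored images through a handler that reads the file and sets the Content-Type from the allowlist, so the upload directory is never exposed as a web path.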