
CVE-2025-47663: CWE-434 Unrestricted Upload of File with Dangerous Type in mojoomla Hospital Management System

Critical
Tags: Vulnerability, CVE-2025-47663, CWE-434
Published: Fri May 23 2025 (05/23/2025, 12:43:22 UTC)
Source: CVE
Vendor/Project: mojoomla
Product: Hospital Management System

Description

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11.

AI-Powered Analysis

Last updated: 07/08/2025, 20:25:03 UTC

Technical Analysis

CVE-2025-47663 is a critical vulnerability classified under CWE-434, which pertains to the Unrestricted Upload of File with Dangerous Type in the mojoomla Hospital Management System. This vulnerability allows an attacker with at least low-level privileges (PR:L) to upload malicious files, specifically web shells, to the web server hosting the affected system. The vulnerability exists in mojoomla Hospital Management System versions 47.0(20 and possibly earlier or related builds, enabling an attacker to bypass file upload restrictions and place executable code on the server. The CVSS 3.1 score of 9.9 reflects the critical nature of this flaw, indicating that it can be exploited remotely (AV:N) with low attack complexity (AC:L), no user interaction (UI:N), and results in a complete compromise of confidentiality, integrity, and availability (C:H/I:H/A:H). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component, potentially impacting the entire server environment. Although no known exploits are currently reported in the wild, the potential for exploitation is high due to the nature of the vulnerability and the critical assets involved. Hospital Management Systems are prime targets due to the sensitive patient data they handle and their role in healthcare operations. An attacker uploading a web shell could execute arbitrary commands, steal sensitive data, disrupt hospital operations, or pivot to other internal systems, leading to severe consequences including data breaches, ransomware deployment, or denial of service.

Potential Impact

For European organizations, particularly healthcare providers using mojoomla Hospital Management System, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive patient health information protected under GDPR, resulting in legal penalties and loss of patient trust. The integrity and availability of hospital services could be severely disrupted, potentially endangering patient care and safety. Given the criticality of healthcare infrastructure, such an attack could also have cascading effects on national health services and emergency response capabilities. Additionally, the breach of confidential medical data could have long-term reputational damage and financial consequences. The ability to upload a web shell means attackers could maintain persistent access, conduct lateral movement, and deploy ransomware or other malware, amplifying the threat landscape for European healthcare institutions.

Mitigation Recommendations

To mitigate this vulnerability, European healthcare organizations should immediately verify if they are running affected versions of mojoomla Hospital Management System and prioritize patching once available. In the absence of an official patch, organizations should implement strict file upload controls, including whitelisting allowed file types, enforcing file size limits, and validating file contents on the server side. Employing web application firewalls (WAFs) with rules to detect and block web shell signatures can provide an additional layer of defense. Restricting upload permissions to only trusted users and monitoring upload directories for suspicious files is critical. Network segmentation should be used to isolate the Hospital Management System from other critical infrastructure to limit lateral movement. Regularly auditing logs for unusual activities and deploying endpoint detection and response (EDR) tools can help detect exploitation attempts early. Finally, organizations should review and strengthen their incident response plans to quickly address potential breaches stemming from this vulnerability.
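The server-side upload controls listed above (extension allowlist, size limit, content validation, no trust in the client-supplied name) as an added example; this is illustrative code, not mojoomla's, and the size limit, allowed types and sample inputs are constructed assumptions.

```python
import os
import re
import secrets

# Added example (not mojoomla code): checks an upload handler applies before
# anything is written to disk. Limits and inputs are constructed for illustration.
MAX_BYTES = 2 * 1024 * 1024  # hypothetical limit; set per deployment

# Allowlist: permitted extension -> magic bytes the content must start with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # no dots: blocks x.php.png
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")  # defence-in-depth heuristic


def validate_upload(client_name: str, data: bytes) -> tuple[bool, str]:
    """Return (True, server_chosen_name) or (False, rejection_reason)."""
    if not data or len(data) > MAX_BYTES:
        return False, "size"
    # Never trust the client path; keep only the final path component.
    base = os.path.basename(client_name.replace("\\", "/"))
    if "." not in base:
        return False, "no extension"
    stem, ext = base.rsplit(".", 1)
    ext = ext.lower()
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed"
    if not SAFE_STEM.match(stem):
        return False, "unsafe name"
    # The content must match the type the extension claims, not just the name.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "content does not match type"
    # Heuristic: reject polyglot files carrying server-side script markers.
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return False, "embedded script marker"
    # Discard the client's name entirely; store under a random name, in a
    # directory outside the web root with no script-execution handler.
    return True, f"{secrets.token_hex(16)}.{ext}"
```

The random server-chosen name and the out-of-web-root storage directory are what remove the execution path even when a check is bypassed; the marker scan is only a second layer.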


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-05-07T10:45:20.229Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68306f8e0acd01a249272458

Added to database: 5/23/2025, 12:52:30 PM

Last enriched: 7/8/2025, 8:25:03 PM

Last updated: 8/15/2025, 11:11:07 AM

