CVE-2025-66802: n/a
CVE-2025-66802 is a critical Remote Code Execution (RCE) vulnerability affecting Sourcecodester Covid-19 Contact Tracing System 1. 0. The flaw arises from improper handling of user-uploaded images, allowing attackers to upload a PHP reverse shell disguised as an image file. This enables unauthenticated attackers to execute arbitrary code remotely with full system privileges, compromising confidentiality, integrity, and availability. The vulnerability has a CVSS score of 9. 8, indicating critical severity, and does not require user interaction or authentication. Although no known exploits are currently in the wild, the high impact and ease of exploitation make this a significant threat. European organizations using this contact tracing system are at risk of full system compromise, data breaches, and disruption of critical public health infrastructure. Immediate mitigation steps include disabling file uploads, implementing strict file validation, and applying patches once available. Countries with widespread use of Sourcecodester applications or strategic interest in Covid-19 tracing systems are most likely to be affected.
AI Analysis
Technical Summary
CVE-2025-66802 is a critical vulnerability in Sourcecodester Covid-19 Contact Tracing System 1.0, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The vulnerability allows unauthenticated remote attackers to upload malicious PHP files disguised as images. The system fails to properly validate or sanitize uploaded image files, enabling attackers to upload a reverse shell payload. Once uploaded, the attacker can execute arbitrary PHP code remotely, gaining full control over the affected server. This RCE flaw impacts confidentiality, integrity, and availability by allowing data theft, system manipulation, and service disruption. The CVSS v3.1 base score is 9.8, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and full impact on all security properties. No patches or mitigations are currently published, and no exploits have been observed in the wild yet. The vulnerability is particularly dangerous in the context of a Covid-19 contact tracing system, as it may expose sensitive health data and disrupt critical public health operations. The root cause is inadequate file upload validation, a common web application security issue. Organizations using this software must urgently assess exposure and implement compensating controls.
Potential Impact
For European organizations, this vulnerability poses a severe risk to public health infrastructure and sensitive personal data related to Covid-19 tracing. Exploitation could lead to unauthorized access to health records, manipulation or deletion of contact tracing data, and disruption of tracing services critical for pandemic management. The compromise of such systems could erode public trust and violate stringent European data protection regulations such as GDPR, potentially resulting in heavy fines and reputational damage. Additionally, attackers could use the compromised servers as footholds for lateral movement within networks, escalating the threat to broader organizational IT environments. The critical nature of the vulnerability and the lack of authentication requirements make it highly exploitable, increasing the urgency for European entities to respond swiftly. The impact extends beyond individual organizations to national health agencies and governments relying on these systems for pandemic response.
Mitigation Recommendations
1. Immediately disable all file upload functionality in the affected application until a secure patch is available. 2. Implement strict server-side validation to ensure only legitimate image files are accepted, including MIME type checks, file extension validation, and content inspection. 3. Employ file upload sandboxing and store uploaded files outside the web root to prevent direct execution. 4. Use web application firewalls (WAFs) to detect and block malicious payloads targeting file upload endpoints. 5. Monitor server logs for suspicious activity indicative of reverse shell attempts or unauthorized code execution. 6. Conduct thorough security audits of the contact tracing system and related infrastructure to identify and remediate other potential vulnerabilities. 7. Apply principle of least privilege to web server processes to limit the impact of any successful exploitation. 8. Stay updated with vendor advisories and apply official patches immediately upon release. 9. Educate IT and security teams about the risks associated with file upload vulnerabilities and proper handling procedures. 10. Consider alternative contact tracing solutions with stronger security postures if remediation is delayed.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
CVE-2025-66802: n/a
Description
CVE-2025-66802 is a critical Remote Code Execution (RCE) vulnerability affecting Sourcecodester Covid-19 Contact Tracing System 1. 0. The flaw arises from improper handling of user-uploaded images, allowing attackers to upload a PHP reverse shell disguised as an image file. This enables unauthenticated attackers to execute arbitrary code remotely with full system privileges, compromising confidentiality, integrity, and availability. The vulnerability has a CVSS score of 9. 8, indicating critical severity, and does not require user interaction or authentication. Although no known exploits are currently in the wild, the high impact and ease of exploitation make this a significant threat. European organizations using this contact tracing system are at risk of full system compromise, data breaches, and disruption of critical public health infrastructure. Immediate mitigation steps include disabling file uploads, implementing strict file validation, and applying patches once available. Countries with widespread use of Sourcecodester applications or strategic interest in Covid-19 tracing systems are most likely to be affected.
AI-Powered Analysis
Technical Analysis
CVE-2025-66802 is a critical vulnerability in Sourcecodester Covid-19 Contact Tracing System 1.0, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The vulnerability allows unauthenticated remote attackers to upload malicious PHP files disguised as images. The system fails to properly validate or sanitize uploaded image files, enabling attackers to upload a reverse shell payload. Once uploaded, the attacker can execute arbitrary PHP code remotely, gaining full control over the affected server. This RCE flaw impacts confidentiality, integrity, and availability by allowing data theft, system manipulation, and service disruption. The CVSS v3.1 base score is 9.8, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and full impact on all security properties. No patches or mitigations are currently published, and no exploits have been observed in the wild yet. The vulnerability is particularly dangerous in the context of a Covid-19 contact tracing system, as it may expose sensitive health data and disrupt critical public health operations. The root cause is inadequate file upload validation, a common web application security issue. Organizations using this software must urgently assess exposure and implement compensating controls.
Potential Impact
For European organizations, this vulnerability poses a severe risk to public health infrastructure and sensitive personal data related to Covid-19 tracing. Exploitation could lead to unauthorized access to health records, manipulation or deletion of contact tracing data, and disruption of tracing services critical for pandemic management. The compromise of such systems could erode public trust and violate stringent European data protection regulations such as GDPR, potentially resulting in heavy fines and reputational damage. Additionally, attackers could use the compromised servers as footholds for lateral movement within networks, escalating the threat to broader organizational IT environments. The critical nature of the vulnerability and the lack of authentication requirements make it highly exploitable, increasing the urgency for European entities to respond swiftly. The impact extends beyond individual organizations to national health agencies and governments relying on these systems for pandemic response.
Mitigation Recommendations
1. Immediately disable all file upload functionality in the affected application until a secure patch is available. 2. Implement strict server-side validation to ensure only legitimate image files are accepted, including MIME type checks, file extension validation, and content inspection. 3. Employ file upload sandboxing and store uploaded files outside the web root to prevent direct execution. 4. Use web application firewalls (WAFs) to detect and block malicious payloads targeting file upload endpoints. 5. Monitor server logs for suspicious activity indicative of reverse shell attempts or unauthorized code execution. 6. Conduct thorough security audits of the contact tracing system and related infrastructure to identify and remediate other potential vulnerabilities. 7. Apply principle of least privilege to web server processes to limit the impact of any successful exploitation. 8. Stay updated with vendor advisories and apply official patches immediately upon release. 9. Educate IT and security teams about the risks associated with file upload vulnerabilities and proper handling procedures. 10. Consider alternative contact tracing solutions with stronger security postures if remediation is delayed.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-12-08T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69654a41da2266e83806dde7
Added to database: 1/12/2026, 7:23:45 PM
Last enriched: 1/19/2026, 7:40:36 PM
Last updated: 2/7/2026, 2:48:42 PM
Views: 38
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-2088: SQL Injection in PHPGurukul Beauty Parlour Management System
MediumCVE-2026-2087: SQL Injection in SourceCodester Online Class Record System
MediumCVE-2026-2086: Buffer Overflow in UTT HiPER 810G
HighCVE-2026-2085: Command Injection in D-Link DWR-M921
HighCVE-2026-2084: OS Command Injection in D-Link DIR-823X
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.