CVE-2025-34121
Published 2025-07-16
Priority P267 · critical · 9.3 · CVSS 4.0
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.68% (74.1th percentile)
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST requests to `wizards/post2file.php`, especially those containing PHP file content in the request body, as this is the vulnerable upload endpoint.
- Alert on PHP files appearing in the webroot of Idera Up.Time Monitoring Station (versions ≤7.2) that were not part of the original installation, as successful exploitation drops a PHP webshell there.
- The Metasploit module `exploits/multi/http/uptime_file_upload_1` targets this vulnerability; presence of this module string in logs or network traffic indicates active exploitation attempts.
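The first check above, as an added example (not code from the advisory or from any vendor tooling): a Python scan of web access logs for POST requests that resolve to `wizards/post2file.php` once the request path is normalised. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

TARGET = "/wizards/post2file.php"  # endpoint named in the advisory above

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Reduce a request target to a lowercase, canonical path."""
    path = unquote(target.split("?", 1)[0])       # drop query, decode %xx
    path = path.replace("\\", "/").lstrip("/")
    return normpath("/" + path).lower()           # collapse //, ./ and ../

def find_upload_attempts(lines):
    """Return (ip, timestamp, status) for each POST that resolves to TARGET.

    An access log cannot show whether a session was authenticated, so every
    POST to the endpoint is reported for triage.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and normalise(m["target"]).endswith(TARGET):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [16/Jul/2025:10:01:02 +0000] "POST /wizards/post2file.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [16/Jul/2025:10:01:09 +0000] "POST /Wizards//%70ost2file.php?a=1 HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.20 - - [16/Jul/2025:10:02:00 +0000] "GET /wizards/post2file.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.20 - - [16/Jul/2025:10:02:30 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status in find_upload_attempts(SAMPLE):
        print(f"ALERT post2file.php upload attempt from {ip} at {ts} (HTTP {status})")
```

Matching on the normalised path rather than the raw request line keeps percent-encoded, mixed-case or doubled-slash variants of the endpoint from slipping past the check.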
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/uptime_file_upload_1.rb
- https://web.archive.org/web/20150210113937/http://www.security-assessment.com/files/documents/advisory/Up.Time%207.2%20-%20Arbitrary%20File%20Upload.pdf
- https://www.exploit-db.com/exploits/38732
- https://www.vulncheck.com/advisories/idera-uptime-arbitrary-file-upload-rce