cbcvebase.
CVE-2025-34121
published 2025-07-16

CVE-2025-34121: An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php`…

PriorityP267critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.68%
74.1th percentile
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.

Detection & IOCsextracted from sources · hover to see the quote

pathwizards/post2file.php
  • Monitor for unauthenticated POST requests to wizards/post2file.php, especially those containing PHP file content in the request body, as this is the vulnerable upload endpoint.
  • Alert on PHP files appearing in the webroot of Idera Up.Time Monitoring Station (versions ≤7.2) that were not part of the original installation, as successful exploitation drops a PHP webshell there.
  • The Metasploit module exploits/multi/http/uptime_file_upload_1 targets this vulnerability; presence of this module string in logs or network traffic indicates active exploitation attempts.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.