CVE-2025-34121: CWE-434 Unrestricted Upload of File with Dangerous Type in Idera Up.Time Monitoring Station
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
AI Analysis
Technical Summary
An unauthenticated arbitrary file upload vulnerability (CWE-434) exists in Idera Up.Time Monitoring Station up to version 7.2 via the wizards/post2file.php script. This script accepts arbitrary POST parameters without proper validation or authentication (CWE-306), enabling attackers to upload crafted PHP files into the webroot directory. This allows remote code execution as the web server user. The vulnerability has a CVSS 4.0 score of 9.3 (critical) reflecting its ease of exploitation and high impact. The vulnerability is related to a previously tracked bypass (CVE-2015-9263). No patch or remediation details are provided in the available data.
Potential Impact
Successful exploitation results in remote code execution on the affected system with the privileges of the web server user, potentially allowing full system compromise depending on the server configuration. The vulnerability requires no authentication and has a low attack complexity, making it highly dangerous. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the vulnerable script and consider implementing web application firewall rules to block malicious file upload attempts. Monitor vendor communications for updates on patches or official mitigations.
CVE-2025-34121: CWE-434 Unrestricted Upload of File with Dangerous Type in Idera Up.Time Monitoring Station
Description
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An unauthenticated arbitrary file upload vulnerability (CWE-434) exists in Idera Up.Time Monitoring Station up to version 7.2 via the wizards/post2file.php script. This script accepts arbitrary POST parameters without proper validation or authentication (CWE-306), enabling attackers to upload crafted PHP files into the webroot directory. This allows remote code execution as the web server user. The vulnerability has a CVSS 4.0 score of 9.3 (critical) reflecting its ease of exploitation and high impact. The vulnerability is related to a previously tracked bypass (CVE-2015-9263). No patch or remediation details are provided in the available data.
Potential Impact
Successful exploitation results in remote code execution on the affected system with the privileges of the web server user, potentially allowing full system compromise depending on the server configuration. The vulnerability requires no authentication and has a low attack complexity, making it highly dangerous. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the vulnerable script and consider implementing web application firewall rules to block malicious file upload attempts. Monitor vendor communications for updates on patches or official mitigations.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-04-15T19:15:22.561Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6878174da83201eaacdec302
Added to database: 7/16/2025, 9:19:09 PM
Last enriched: 4/7/2026, 11:04:10 PM
Last updated: 5/9/2026, 8:14:04 PM
Views: 277
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.