PT-2025-12351 · Martdevelopers · Mart Developers Ibanking

Published: 2025-03-20 · Updated: 2025-03-28 · CVE-2025-29411

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mart Developers iBanking version 2.0.0

Description

An arbitrary file upload vulnerability in the Client Profile Update section allows attackers to execute arbitrary code by uploading a crafted PHP file, potentially leading to unauthorized access or control.

Recommendations

To prevent the execution of arbitrary code in Mart Developers iBanking version 2.0.0, consider disabling the file upload feature in the Client Profile Update section until a patch is available. Restrict access to this section to minimize the risk of exploitation. Avoid using the file upload functionality in the affected section until the issue is resolved.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-29411

Affected Products

Mart Developers Ibanking