PT-2025-29884 · Idera · Idera Up.Time Monitoring Station
Denis Andzakovic · Published 2025-07-16 · Updated 2025-07-17 · CVE-2025-34121
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Idera Up.Time Monitoring Station versions up to and including 7.2
Description
An unauthenticated arbitrary file upload issue exists. The wizards/post2file.php script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot, resulting in remote code execution as the web server user.
Recommendations
Update Idera Up.Time Monitoring Station to a version newer than 7.2.
As a temporary workaround, restrict access to the wizards/post2file.php script.
Exploit
Fix
RCE
Missing Authentication
Unrestricted File Upload
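To check whether wizards/post2file.php was requested before the workaround or update was applied, web server access logs can be scanned for it. The script below is an added example, not part of the advisory or of vendor code; it assumes common/combined log format, the sample lines are constructed, and the "high"/"review" labels are an assumed triage convention.

```python
import posixpath
import re
from urllib.parse import unquote

TARGET = "/wizards/post2file.php"  # script path named in the advisory

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Jul/2025:10:02:13 +0000] "POST /wizards/post2file.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [16/Jul/2025:10:02:40 +0000] "POST /Wizards//%70ost2file.php?x=1 HTTP/1.1" 200 0',
    '203.0.113.5 - - [16/Jul/2025:11:15:09 +0000] "GET /wizards/../wizards/post2file.php HTTP/1.1" 403 199',
    '192.0.2.10 - - [16/Jul/2025:11:20:00 +0000] "GET /docs/post2file.php.txt HTTP/1.1" 404 0',
]

def normalize(target):
    """Canonicalise a request target: drop the query, decode once, fold case."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_hits(lines):
    """Return one record per request that resolves to the vulnerable script."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # Trailing "/" lets PATH_INFO forms (script.php/extra) match as well.
        if not m or TARGET + "/" not in normalize(m["target"]) + "/":
            continue
        # Assumed triage rule: a POST answered with 2xx deserves a look first.
        served = m["method"] == "POST" and m["status"].startswith("2")
        hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                     "status": m["status"],
                     "priority": "high" if served else "review"})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A "high" hit on a host still running version 7.2 or earlier is a reason to inspect the webroot for PHP files that do not belong to the product.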
Related Identifiers
Affected Products
Idera Up.Time Monitoring Station