CVE-2025-34121
Idera Up.Time โค 7.2 post2file.php Arbitrary File Upload RCE
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
| CWE | CWE-434 CWE-306 |
| Vendor | idera |
| Product | up.time monitoring station |
| Published | Jul 16, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for idera up.time monitoring station
Be the first to know when new unknown vulnerabilities affecting idera up.time monitoring station are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Idera / Up.Time Monitoring Station
* โค 7.2
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/uptime_file_upload_1.rb web.archive.org: https://web.archive.org/web/20150210113937/http://www.security-assessment.com/files/documents/advisory/Up.Time%207.2%20-%20Arbitrary%20File%20Upload.pdf exploit-db.com: https://www.exploit-db.com/exploits/38732 vulncheck.com: https://www.vulncheck.com/advisories/idera-uptime-arbitrary-file-upload-rce
Credits
Denis Andzakovic of Security-Assessment.com