CVE-2025-29411
Published: 20 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-29411, published on 2025-03-20, is an arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0. The flaw enables attackers to upload a crafted PHP file, resulting in arbitrary code execution. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).
Unauthenticated attackers with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Successful exploitation allows remote code execution, granting high-impact access to confidentiality, integrity, and availability of the affected system.
Advisories and further details are documented in the GitHub issue at https://github.com/MartMbithi/iBanking/issues/12 and the analysis at https://www.simonjuguna.com/cve-2025-29411-authenticated-remote-code-execution-rce-via-arbitrary-file-upload/. No specific patch or mitigation guidance is detailed in the provided information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The arbitrary file upload vulnerability in a public-facing web application directly enables exploitation of T1190 (Exploit Public-Facing Application) and facilitates deployment of a malicious PHP file as a web shell under T1505.003 (Server Software Component: Web Shell), leading to unauthenticated remote code execution.