CVE-2025-29411
Published: 20 March 2025
Summary
CVE-2025-29411 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Martmbithi Ibanking. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-29411, published on 2025-03-20, is an arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0. The flaw enables attackers to upload a crafted PHP file, resulting in arbitrary code execution. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).
Because the CVSS vector records no required privileges (PR:N), low attack complexity and no user interaction, an attacker with network access to the application can exploit the flaw without authenticating. Successful exploitation yields remote code execution in the context of the web server process, with high impact to the confidentiality, integrity and availability of the host. One caveat: the write-up referenced below describes the issue as authenticated RCE via arbitrary file upload, so whether the Client Profile Update form is reachable before login should be verified against the deployment rather than assumed from the vector alone.
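The control that closes this class of bug is validation at the upload point (SI-10). The Python below is an added example, not code from the iBanking project (which is PHP): it places the trusting check that CWE-434 describes beside a hardened acceptance routine that allowlists extensions, verifies magic bytes, refuses names containing a server-executable segment, scans for embedded PHP open tags, and assigns a server-chosen name under a directory outside the web root. The storage directory, the allowlist, and the sample uploads are constructed assumptions for the example.

```python
from __future__ import annotations

import os
import re
import secrets

# ASSUMPTION for this example: files are stored outside the document root and
# served back through a download script, never addressed directly by URL.
STORAGE_DIR = "/var/lib/ibanking/profile-uploads"

# Allowlist: final extension -> (magic bytes the content must start with, MIME).
ALLOWED_TYPES = {
    "jpg":  (b"\xff\xd8\xff", "image/jpeg"),
    "jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    "png":  (b"\x89PNG\r\n\x1a\n", "image/png"),
}

# Extensions a PHP host may execute. Rejected anywhere in the name, so that a
# double extension such as "shell.php.jpg" is refused even when the final
# extension is allowed (Apache with loose handler mapping would execute it).
EXECUTABLE_SEGMENTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "htaccess"}

# PHP open tags; an image with these bytes appended is a polyglot web shell.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def vulnerable_accept(client_filename: str, client_mime: str) -> str:
    """The CWE-434 pattern: a check on the browser-supplied Content-Type,
    then the browser-supplied name is written under the web root, so
    'shell.php' sent as image/jpeg becomes a script reachable by URL."""
    if not client_mime.startswith("image/"):
        raise ValueError("not an image")  # attacker simply sets Content-Type: image/jpeg
    return os.path.join("uploads", os.path.basename(client_filename))


def hardened_accept(client_filename: str, content: bytes, client_mime: str) -> tuple[bool, str]:
    """Return (True, storage_path) or (False, reason). Nothing the client
    sent reaches the filesystem: neither its file name nor its declared type."""
    name = os.path.basename(client_filename.replace("\\", "/")).lower()
    segments = name.split(".")
    if len(segments) < 2 or segments[-1] not in ALLOWED_TYPES:
        return False, "extension not allowed"
    if any(seg in EXECUTABLE_SEGMENTS for seg in segments[:-1]):
        return False, "executable extension segment"
    ext = segments[-1]
    magic, expected_mime = ALLOWED_TYPES[ext]
    if not content.startswith(magic):
        return False, "content does not match extension"
    if client_mime != expected_mime:
        return False, "declared type does not match extension"
    if PHP_OPEN_TAG.search(content):
        return False, "embedded PHP code"
    stored_name = f"{secrets.token_hex(16)}.{ext}"  # server-chosen, unguessable
    return True, os.path.join(STORAGE_DIR, stored_name)


# Constructed sample uploads for the example (not taken from the advisory).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
SHELL_SAMPLE = b"<?php system($_GET['c']); ?>"

if __name__ == "__main__":
    print(vulnerable_accept("shell.php", "image/jpeg"))  # accepted: uploads/shell.php
    print(hardened_accept("shell.php", SHELL_SAMPLE, "image/jpeg"))
    print(hardened_accept("shell.php.jpg", JPEG_SAMPLE, "image/jpeg"))
    print(hardened_accept("avatar.jpg", JPEG_SAMPLE + SHELL_SAMPLE, "image/jpeg"))
    print(hardened_accept("avatar.jpg", JPEG_SAMPLE, "image/jpeg"))
```

The order of the checks matters less than the fact that every one of them is decided by the server: the extension comes from an allowlist, the type from the bytes, and the stored name from a CSPRNG. Even if a validator is later bypassed, a file sitting outside the document root with a random name is not reachable as a URL, which is what turns an upload bug into T1505.003.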
Advisories and further details are documented in the GitHub issue at https://github.com/MartMbithi/iBanking/issues/12 and the analysis at https://www.simonjuguna.com/cve-2025-29411-authenticated-remote-code-execution-rce-via-arbitrary-file-upload/. No specific patch or mitigation guidance is detailed in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7132
Vulnerability details
An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 (Exploit Public-Facing Application)
- T1505.003 (Server Software Component: Web Shell)
Why these techniques?
The arbitrary file upload vulnerability in a public-facing web application directly enables exploitation of T1190 (Exploit Public-Facing Application) and facilitates deployment of a malicious PHP file as a web shell under T1505.003 (Server Software Component: Web Shell), leading to unauthenticated remote code execution.
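To detect the T1190 to T1505.003 chain described above, here is an added example that is not taken from the page's sources: the Python below correlates a POST to the profile-update form with a later request for a server-side script under the upload directory from the same client. The endpoint path, the upload directory, and the log lines are constructed for the example; this page does not give the real paths, so they must be substituted from the deployed application.

```python
from __future__ import annotations

import re

# Common Log Format, as written by Apache and nginx access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# ASSUMPTIONS for this example: the advisory names the "Client Profile Update"
# section but not its URL or the upload directory; these paths are illustrative.
UPLOAD_ENDPOINT = "/client/profile/update"
UPLOAD_DIR_PREFIX = "/uploads/"
# A request for a server-side script under the upload directory should never occur.
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)(?:\?|$)", re.IGNORECASE)

# Constructed log lines for the example (documentation IP ranges, no real incident).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Mar/2025:10:15:01 +0000] "POST /client/profile/update HTTP/1.1" 302 0
203.0.113.7 - - [20/Mar/2025:10:15:03 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 512
198.51.100.4 - - [20/Mar/2025:10:16:10 +0000] "POST /client/profile/update HTTP/1.1" 302 0
198.51.100.4 - - [20/Mar/2025:10:16:12 +0000] "GET /uploads/avatar_44.jpg HTTP/1.1" 200 18211
192.0.2.9 - - [20/Mar/2025:10:20:00 +0000] "GET /uploads/evil.phtml HTTP/1.1" 404 153
"""


def parse_line(line: str) -> dict | None:
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    return ev


def detect_webshell_activity(log_text: str) -> list[tuple[str, str, str]]:
    """Return (severity, client_ip, path) alerts.
    high:   the client POSTed to the upload form and later received a 200 for a
            script under the upload directory (upload, then execute).
    medium: a script under the upload directory was requested without a prior
            upload from that client, or the request failed (probing for a shell)."""
    uploaders: set[str] = set()
    alerts: list[tuple[str, str, str]] = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["method"] == "POST" and ev["path"].split("?", 1)[0] == UPLOAD_ENDPOINT:
            uploaders.add(ev["ip"])
            continue
        if ev["path"].startswith(UPLOAD_DIR_PREFIX) and SCRIPT_EXT.search(ev["path"]):
            if ev["ip"] in uploaders and ev["status"] == 200:
                alerts.append(("high", ev["ip"], ev["path"]))
            else:
                alerts.append(("medium", ev["ip"], ev["path"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_webshell_activity(SAMPLE_LOG):
        print(alert)
```

The medium rule is deliberately kept: a 404 for a `.phtml` under the upload directory is a failed attempt, and a 200 without a matching upload in the same log can mean the upload went through a different front end or the shell predates the log window. Both deserve a look at the upload directory itself, where any file a PHP handler would execute is an indicator on its own.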
Affected Assets
- Mart Developers iBanking v2.0.0 (Client Profile Update section)
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validate at the upload point, rejecting server-executable types such as PHP by extension allowlist and content check, so an unrestricted upload cannot become code execution.
- AC-3 (Access Enforcement): enforce the application's access-control policy so that the Client Profile Update section is reachable only by authenticated, authorized clients, denying unauthenticated attackers the upload path.
- Remediation of the flaw itself: identify and fix the upload handler, through a vendor patch or a secure re-implementation, so that crafted PHP uploads can no longer reach execution.