CVE-2025-29411

9.8 CRITICAL

📋 TL;DR

An arbitrary file upload vulnerability in Mart Developers iBanking v2.0.0 allows authenticated attackers to upload malicious PHP files through the Client Profile Update section. This enables remote code execution on the server, potentially compromising the entire banking application. All organizations using the vulnerable version are affected.

💻 Affected Systems

Products:
  • Mart Developers iBanking
Versions: v2.0.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Client Profile Update feature.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server takeover, data exfiltration, lateral movement to other systems, and deployment of ransomware or other malware.

🟠

Likely Case

Unauthorized access to sensitive banking data, modification of financial records, and installation of backdoors for persistent access.

🟢

If Mitigated

Attack blocked at web application firewall level or file upload validation prevents malicious files from being stored.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Implement File Upload Validation

Platform: all

Add server-side validation to restrict uploaded file types to safe extensions only.

Modify PHP code to check file extensions and MIME types before saving uploads
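One way to implement that check, as an added example written for this advisory and not code from iBanking itself; the form field name "avatar", the storage path and the allowed image types are assumptions:

```php
<?php
// Added example: hardened replacement for an unrestricted profile-image upload.
// Assumptions: form field "avatar"; storage directory outside the web root.
declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/ibanking/uploads'; // assumed; not served by the web server
const MAX_BYTES  = 2 * 1024 * 1024;
// Allowlist: extension => MIME type that must be detected from the file content
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

/** Returns the stored filename on success, throws on any validation failure. */
function storeProfileImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only the final extension of the client-supplied name is consulted, and the
    // name itself is never reused, so multiple extensions gain the uploader nothing.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the real content type; $file['type'] is set by the client and untrusted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Require a decodable image, not merely matching magic bytes.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-chosen random name: the client controls neither name nor extension.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $stored;
}

if (isset($_FILES['avatar'])) {
    try {
        echo json_encode(['stored' => storeProfileImage($_FILES['avatar'])]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo json_encode(['error' => $e->getMessage()]);
    }
}
```

Pair this with a storage location the web server does not execute scripts from; the validation alone is one layer, not the whole fix.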

Restrict Upload Directory Permissions

Platform: linux

Configure the upload directory so that the web server will not execute files stored there, and keep the stored files non-executable and owned by the web server user.

chmod 644 /path/to/upload/directory/*
chown www-data:www-data /path/to/upload/directory

Note: the file mode alone does not stop mod_php or PHP-FPM from running a .php file the web server is asked to serve; script handling for the directory must also be disabled in the web server configuration, or the directory moved outside the document root.

🧯 If You Can't Patch

  • Implement web application firewall rules to block PHP file uploads
  • Disable the Client Profile Update feature entirely if not essential

🔍 How to Verify

Check if Vulnerable:

Check if iBanking version is 2.0.0 and test uploading a PHP file through Client Profile Update.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Attempt to upload a PHP file and verify it is rejected or saved without execution capability.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to profile update endpoint
  • PHP file extensions in upload logs
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to profile update endpoint with file uploads
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND uri="/client/profile/update" AND file_extension="php"

🔗 References
