Authenticated RCE via custom plugin upload in Piwik (now Matomo) Web Analytics Platform
CVE-2025-34104
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a ma…
Vulnerability class: Unrestricted File Upload
EPSS: 0.736 (98.8th percentile)
Affected products
- Piwik (Now Matomo) Web Analytics Platform — versions prior to 3.0.3 (fixed in 3.0.3)
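Three triage checks a defender typically wants for this issue, as an added example that is not part of the page or of Matomo's own code: a version comparison against the fixed release named above (3.0.3), a scan of a `config.ini.php` body for the plugin-upload switch, and a sweep of web-server access logs for requests to the plugin upload action. The setting name `enable_plugin_upload` and the request parameters `module=CorePluginsAdmin&action=uploadPlugin` are assumptions about Matomo's configuration and URL layout, not facts stated on this page; the log lines are constructed for the example.

```python
"""Triage helpers for the Piwik/Matomo authenticated plugin-upload RCE (CVE-2025-34104).

Added example; not from the advisory or the Matomo project. Assumptions:
  - the INI switch is named enable_plugin_upload in the [General] section
  - the upload endpoint is index.php?module=CorePluginsAdmin&action=uploadPlugin
"""
import re
from typing import Iterable, List, Tuple

FIXED_VERSION = (3, 0, 3)  # first release with the fix, per the advisory text


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.17.1' or '3.0.3-rc1' into a tuple of ints for comparison."""
    core = version.strip().split("-")[0]          # drop pre-release suffixes
    return tuple(int(part) for part in core.split("."))


def is_vulnerable_version(version: str) -> bool:
    """True for any release older than the fixed version."""
    return parse_version(version) < FIXED_VERSION


def plugin_upload_enabled(config_ini: str) -> bool:
    """Return True if [General] enable_plugin_upload is set to a non-zero value.

    Assumed setting name. If the key is absent the function reports False, so
    on a pre-fix install rely on is_vulnerable_version() rather than this check.
    """
    section = None
    for raw in config_ini.splitlines():
        line = raw.split(";", 1)[0].strip()       # strip INI comments
        if not line:
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1)
            continue
        if section == "General":
            kv = re.match(r'^enable_plugin_upload\s*=\s*"?(\d+)"?$', line)
            if kv:
                return kv.group(1) != "0"
    return False


# Assumed endpoint; lookaheads accept either parameter order in the query string.
UPLOAD_RE = re.compile(
    r'"POST /index\.php\?(?=[^" ]*module=CorePluginsAdmin)(?=[^" ]*action=uploadPlugin)'
)


def find_plugin_uploads(log_lines: Iterable[str]) -> List[str]:
    """Return access-log lines that POST to the plugin upload action."""
    return [line for line in log_lines if UPLOAD_RE.search(line)]


# Constructed sample data for the example (not real traffic or a real config).
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jul/2025:10:01:02 +0000] "GET /index.php?module=CoreHome&action=index&idSite=1 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [15/Jul/2025:10:02:11 +0000] "POST /index.php?module=CorePluginsAdmin&action=uploadPlugin&nonce=abc123 HTTP/1.1" 302 0',
    '10.0.0.9 - - [15/Jul/2025:10:02:12 +0000] "GET /index.php?module=CorePluginsAdmin&action=activate&pluginName=evil HTTP/1.1" 302 0',
]
SAMPLE_CONFIG = "[database]\nhost = localhost\n\n[General]\nenable_plugin_upload = 1\n"

if __name__ == "__main__":
    for v in ("2.17.1", "3.0.2", "3.0.3"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    print("plugin upload enabled:", plugin_upload_enabled(SAMPLE_CONFIG))
    for hit in find_plugin_uploads(SAMPLE_LOG):
        print("plugin upload request:", hit)
```

A hit from `find_plugin_uploads` is expected administrative activity when a Superuser installs a plugin on purpose; the signal worth alerting on is an upload followed by an activation from a client, account or time window that does not match a planned change, which is why the example keeps the surrounding log lines rather than only counting matches.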
Weakness classification (CWE)
- CWE-434: Unrestricted Upload of File with Dangerous Type
Public proof-of-concept exploits
References
- matomo.org/changelog/piwik-3-0-3/ (vendor-advisory)
- matomo.org/faq/plugins/faq_21/ (product)
- firefart.at/post/turning_piwik_superuser_creds_into_rce/ (third-party-advisory)
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
- www.vulncheck.com/advisories/piwik-authenticated-rce-via-custom-plugin-upload (third-party-advisory)
Frequently asked questions
- What is CVE-2025-34104?
- CVE-2025-34104 is a vulnerability in Piwik (Now Matomo) Web Analytics Platform, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-07-15.
- Is CVE-2025-34104 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.