alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ZendTo Dropoff Path Traversal (CVE-2025-34508)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/dropoff"; fast_pattern; startswith; http.request_body; content:"|22|tmp_name|22 3a|"; content:"|2e 2e 2f|"; distance:0; reference:url,horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/; reference:cve,2025-34508; classtype:web-application-attack; sid:2063026; rev:1; metadata:attack_target Server, created_at 2025_06_17, cve CVE_2025_34508, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_06_17, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)