Unauthenticated File Upload Vulnerability in Monsta FTP by Monsta FTP
CVE-2025-34299
Key Information:
- CVE Published: 7 November 2025
What is CVE-2025-34299?
Monsta FTP versions 2.11 and earlier are susceptible to an unauthenticated arbitrary file upload vulnerability. This security flaw allows attackers to upload maliciously crafted files from a compromised (S)FTP server, potentially leading to the execution of arbitrary code. Successful exploitation can result in significant impacts on the confidentiality, integrity, and availability of affected systems, underscoring the need for users to apply security patches and adhere to best practices in server configurations.
Affected Version(s)
Monsta FTP: versions 0 through 2.11 (inclusive)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.
News Articles
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
Happy Friday, friends and.. others. We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend! What’re We Doing Today, Mr Fox? Today, in a tale that seems all too familiar at this point,
10 hours ago
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by watchTowr Labs
- Vulnerability published
- Vulnerability Reserved
