Monsta web-based FTP Remote Code Execution Vulnerability Exploited

Monsta web-based FTP Remote Code Execution Vulnerability Exploited

Posted on By CWS

A important distant code execution vulnerability in Monsta FTP, a well-liked web-based FTP shopper utilized by monetary establishments and enterprises worldwide.

The flaw, now tracked as CVE-2025-34299, impacts a number of variations of the software program and has been exploited within the wild.

Monsta FTP is a browser-based file switch shopper that permits customers to handle recordsdata on distant servers with out devoted FTP software program.

With a minimum of 5,000 cases uncovered on the web, the platform serves a various person base, together with monetary organizations and huge enterprises.

The Vulnerability and Patch Accessible

The safety flaw permits attackers to attain pre-authenticated distant code execution on susceptible Monsta FTP servers.

WatchTowr Labs researchers found that regardless of builders including intensive enter validation capabilities in latest updates, important vulnerabilities remained unpatched throughout a number of variations.

The assault works by means of a easy three-step course of: An attacker methods Monsta FTP into connecting to a malicious SFTP server. Downloads a crafted payload file.

Writes that file to an arbitrary path on the goal server. This grants full management over the susceptible system.

CVE IDVulnerability TypeAffected VersionStatusExploitationCVE-2025-34299Remote Code Execution (RCE)Monsta FTP ≤ 2.11.2Patched in v2.11.3 (Aug 26, 2025)Energetic exploitation within the wild

The vulnerability impacts variations 2.10.3 by means of 2.11, and researchers discovered that beforehand reported safety flaws have been by no means correctly fastened.

WatchTower Labs Evaluation revealed minimal code modifications between variations 2.10.3 and a couple of.10.4, leaving identified vulnerabilities intact with model updates.

Monsta FTP launched model 2.11.3 on August 26, 2025, which addresses this important vulnerability.

Organizations operating Monsta FTP ought to instantly improve to the newest model to guard their techniques.

The invention highlights ongoing safety challenges in web-based file administration techniques, significantly when legacy vulnerabilities persist regardless of a number of software program updates.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

Lazarus Hackers Actively Attacking European Drone Manufacturing Companies Lazarus Hackers Actively Attacking European Drone Manufacturing Companies Cyber Security News
Famous Chollima APT Hackers Attacking Job Seekers and Organization to Deploy JavaScript Based Malware Famous Chollima APT Hackers Attacking Job Seekers and Organization to Deploy JavaScript Based Malware Cyber Security News
Top 10 Best Penetration Testing as a Service (PTaaS) Companies in 2025 Top 10 Best Penetration Testing as a Service (PTaaS) Companies in 2025 Cyber Security News
Microsoft Teams Down – Users Face Messaging Delays and Service Disruptions Worldwide Microsoft Teams Down – Users Face Messaging Delays and Service Disruptions Worldwide Cyber Security News
Microsoft Teams to Enforce Messaging Safety Defaults Starting January 2026 Microsoft Teams to Enforce Messaging Safety Defaults Starting January 2026 Cyber Security News
Critical Flaw in Trivy Scanner Added to CISA’s Vulnerability List Critical Flaw in Trivy Scanner Added to CISA’s Vulnerability List Cyber Security News