Monsta web-based FTP Remote Code Execution Vulnerability Exploited

Monsta web-based FTP Remote Code Execution Vulnerability Exploited

Posted on By CWS

A important distant code execution vulnerability in Monsta FTP, a well-liked web-based FTP shopper utilized by monetary establishments and enterprises worldwide.

The flaw, now tracked as CVE-2025-34299, impacts a number of variations of the software program and has been exploited within the wild.

Monsta FTP is a browser-based file switch shopper that permits customers to handle recordsdata on distant servers with out devoted FTP software program.

With a minimum of 5,000 cases uncovered on the web, the platform serves a various person base, together with monetary organizations and huge enterprises.

The Vulnerability and Patch Accessible

The safety flaw permits attackers to attain pre-authenticated distant code execution on susceptible Monsta FTP servers.

WatchTowr Labs researchers found that regardless of builders including intensive enter validation capabilities in latest updates, important vulnerabilities remained unpatched throughout a number of variations.

The assault works by means of a easy three-step course of: An attacker methods Monsta FTP into connecting to a malicious SFTP server. Downloads a crafted payload file.

Writes that file to an arbitrary path on the goal server. This grants full management over the susceptible system.

CVE IDVulnerability TypeAffected VersionStatusExploitationCVE-2025-34299Remote Code Execution (RCE)Monsta FTP ≤ 2.11.2Patched in v2.11.3 (Aug 26, 2025)Energetic exploitation within the wild

The vulnerability impacts variations 2.10.3 by means of 2.11, and researchers discovered that beforehand reported safety flaws have been by no means correctly fastened.

WatchTower Labs Evaluation revealed minimal code modifications between variations 2.10.3 and a couple of.10.4, leaving identified vulnerabilities intact with model updates.

Monsta FTP launched model 2.11.3 on August 26, 2025, which addresses this important vulnerability.

Organizations operating Monsta FTP ought to instantly improve to the newest model to guard their techniques.

The invention highlights ongoing safety challenges in web-based file administration techniques, significantly when legacy vulnerabilities persist regardless of a number of software program updates.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

Multi-Staged ValleyRAT Uses WeChat and DingTalk to Attack Windows Users Multi-Staged ValleyRAT Uses WeChat and DingTalk to Attack Windows Users Cyber Security News
EvilTokens: A New Phishing Threat Targeting Microsoft Accounts EvilTokens: A New Phishing Threat Targeting Microsoft Accounts Cyber Security News
Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable Cyber Security News
How Prompt Injection Attacks Bypassing AI Agents With Users Input How Prompt Injection Attacks Bypassing AI Agents With Users Input Cyber Security News
Hacker Threw MacBook in River to Erase Evidence in Coupang Data Breach Hacker Threw MacBook in River to Erase Evidence in Coupang Data Breach Cyber Security News
New Battering RAM Attack Bypasses Latest Defenses on Intel and AMD Cloud Processors New Battering RAM Attack Bypasses Latest Defenses on Intel and AMD Cloud Processors Cyber Security News