Monsta web-based FTP Remote Code Execution Vulnerability Exploited

Monsta web-based FTP Remote Code Execution Vulnerability Exploited

Posted on By CWS

A important distant code execution vulnerability in Monsta FTP, a well-liked web-based FTP shopper utilized by monetary establishments and enterprises worldwide.

The flaw, now tracked as CVE-2025-34299, impacts a number of variations of the software program and has been exploited within the wild.

Monsta FTP is a browser-based file switch shopper that permits customers to handle recordsdata on distant servers with out devoted FTP software program.

With a minimum of 5,000 cases uncovered on the web, the platform serves a various person base, together with monetary organizations and huge enterprises.

The Vulnerability and Patch Accessible

The safety flaw permits attackers to attain pre-authenticated distant code execution on susceptible Monsta FTP servers.

WatchTowr Labs researchers found that regardless of builders including intensive enter validation capabilities in latest updates, important vulnerabilities remained unpatched throughout a number of variations.

The assault works by means of a easy three-step course of: An attacker methods Monsta FTP into connecting to a malicious SFTP server. Downloads a crafted payload file.

Writes that file to an arbitrary path on the goal server. This grants full management over the susceptible system.

CVE IDVulnerability TypeAffected VersionStatusExploitationCVE-2025-34299Remote Code Execution (RCE)Monsta FTP ≤ 2.11.2Patched in v2.11.3 (Aug 26, 2025)Energetic exploitation within the wild

The vulnerability impacts variations 2.10.3 by means of 2.11, and researchers discovered that beforehand reported safety flaws have been by no means correctly fastened.

WatchTower Labs Evaluation revealed minimal code modifications between variations 2.10.3 and a couple of.10.4, leaving identified vulnerabilities intact with model updates.

Monsta FTP launched model 2.11.3 on August 26, 2025, which addresses this important vulnerability.

Organizations operating Monsta FTP ought to instantly improve to the newest model to guard their techniques.

The invention highlights ongoing safety challenges in web-based file administration techniques, significantly when legacy vulnerabilities persist regardless of a number of software program updates.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face Cyber Security News
Critical Windows Vulnerability Exploit Released Critical Windows Vulnerability Exploit Released Cyber Security News
WD Discovery Desktop App for Windows Vulnerability Enables Arbitrary Code Execution WD Discovery Desktop App for Windows Vulnerability Enables Arbitrary Code Execution Cyber Security News
Microsoft Shares BitLocker Keys with FBI to Unlock Encrypted Laptops in Guam Fraud Investigation Microsoft Shares BitLocker Keys with FBI to Unlock Encrypted Laptops in Guam Fraud Investigation Cyber Security News
Hackers Stolen 0,000 in Crypto Assets by Weaponizing AI Extension Hackers Stolen $500,000 in Crypto Assets by Weaponizing AI Extension Cyber Security News
Microsoft 365 Faces Chrome Compatibility Issues Microsoft 365 Faces Chrome Compatibility Issues Cyber Security News