CVE-2025-34299 — Vulnetix

CVE-2025-34299 PUBLISHED CVSS 9.300000190734863 CRITICAL

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

EPSS 74.11% · 98.9th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

74.11%

98.9th percentile

Affected Products

Vendor	Product	Versions
monstaftp	monsta_ftp	0, 0
Monsta Limited of New Zealand	Monsta FTP	0

Exploit Intelligence

Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerability (github-poc)
Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerability (github-poc)
Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerability (github-poc)
Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerability (github-poc)
Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerability (github-poc)
Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerability (github-poc)
Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerability (github-poc)
MonstaFTP Unauthenticated File Upload (github-poc)
MonstaFTP Unauthenticated File Upload (github-poc)
MonstaFTP Unauthenticated File Upload (github-poc)

…and 122 more exploits

Timeline

Jan 21, 1970 VulnCheck XDB Entry
Jan 21, 1970 VulnCheck XDB Entry
Jan 21, 1970 VulnCheck XDB Entry
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 7, 2025 CVE Published

References

Open in Interactive Console →