{"id":8326,"date":"2025-11-10T10:03:52","date_gmt":"2025-11-10T10:03:52","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/11\/10\/monsta-web-based-ftp-remote-code-execution-vulnerability-exploited\/"},"modified":"2025-11-10T10:03:52","modified_gmt":"2025-11-10T10:03:52","slug":"monsta-web-based-ftp-remote-code-execution-vulnerability-exploited","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/11\/10\/monsta-web-based-ftp-remote-code-execution-vulnerability-exploited\/","title":{"rendered":"Monsta web-based FTP Remote Code Execution Vulnerability Exploited"},"content":{"rendered":"<p>    Monsta web-based FTP Remote Code Execution Vulnerability Exploited<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>A critical remote code execution vulnerability in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide.<\/p>\n<p>The flaw, now tracked as\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34299\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2025-34299<\/a>, affects multiple versions of the software and has been exploited in the wild.<\/p>\n<p>Monsta FTP is a browser-based file transfer client that allows users to manage files on remote servers without dedicated FTP software.<\/p>\n<p>With at least 5,000 instances exposed on the internet, the platform serves a diverse user base, including financial organizations and large enterprises.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-the-vulnerability-and-patch-available\"><strong>The Vulnerability and Patch Available<\/strong><\/h2>\n<p>The security flaw enables attackers to achieve pre-authenticated remote code execution on vulnerable Monsta <a href=\"https:\/\/cybersecuritynews.com\/wing-ftp-server-vulnerability-exploited\/\" target=\"_blank\" rel=\"noreferrer noopener\">FTP servers<\/a>.<\/p>\n<p>WatchTowr Labs researchers discovered that despite developers adding extensive input validation functions in recent updates, critical vulnerabilities remained unpatched across multiple versions.<\/p>\n<p>The attack works through a simple three-step process: An attacker tricks Monsta FTP into connecting to a malicious SFTP server. Downloads a crafted payload file.<\/p>\n<p>Writes that file to an <a href=\"https:\/\/cybersecuritynews.com\/apache-solr-arbitrary-path-write-access\/\" target=\"_blank\" rel=\"noreferrer noopener\">arbitrary path<\/a> on the target server. This grants complete control over the vulnerable system.<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>CVE ID<\/th>\n<th>Vulnerability Type<\/th>\n<th>Affected Version<\/th>\n<th>Status<\/th>\n<th>Exploitation<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34299\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-34299<\/a><\/td>\n<td>Remote Code Execution (RCE)<\/td>\n<td>Monsta FTP \u2264 2.11.2<\/td>\n<td>Patched in v2.11.3 (Aug 26, 2025)<\/td>\n<td>Active exploitation in the wild<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>The vulnerability affects versions 2.10.3 through 2.11, and researchers found that previously reported security flaws were never properly fixed.<\/p>\n<p>WatchTower Labs Analysis<a href=\"https:\/\/labs.watchtowr.com\/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> revealed<\/a> minimal code changes between versions 2.10.3 and 2.10.4, leaving known vulnerabilities intact with version updates.<\/p>\n<p>Monsta FTP released version 2.11.3 on August 26, 2025, which addresses this critical <a href=\"https:\/\/cybersecuritynews.com\/amazon-workspaces-linux-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">vulnerability<\/a>.<\/p>\n<p>Organizations running Monsta FTP should immediately upgrade to the latest version to protect their systems.<\/p>\n<p>The discovery highlights ongoing security challenges in web-based file management systems, particularly when legacy vulnerabilities persist despite multiple software updates.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/monsta-ftp-remote-code-vulnerability\/\">Monsta web-based FTP Remote Code Execution Vulnerability Exploited<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/monsta-ftp-remote-code-vulnerability\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Monsta web-based FTP Remote Code Execution Vulnerability Exploited A critical remote code execution vulnerability in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide. The flaw, now tracked as\u00a0CVE-2025-34299, affects multiple versions of the software and has been exploited in the wild. Monsta FTP is a browser-based file transfer client [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-8326","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8326"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8326"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8326\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}