exploitDog

CVE-2025-34299

Опубликовано: 07 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

Ссылки

https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
Exploit
Third Party Advisory
https://www.monstaftp.com/notes/
Release Notes
https://www.vulncheck.com/advisories/monsta-ftp-unauthenticated-arbitrary-file-upload
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:monstaftp:monsta_ftp:*:*:*:*:*:*:*:*

Версия до 2.11 (включая)

EPSS

Процентиль: 98%

0.60331

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-42m5-3r2p-wr92

github

3 месяца назад

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

EPSS

Процентиль: 98%

0.60331

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434