Monsta web-based FTP Remote Code Execution Vulnerability Exploited

A critical remote code execution vulnerability has been discovered in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide.

The flaw, now tracked as CVE-2025-34299, affects multiple versions of the software and has been exploited in the wild.

Monsta FTP is a browser-based file transfer client that allows users to manage files on remote servers without dedicated FTP software.

With at least 5,000 instances exposed on the internet, the platform serves a diverse user base, including financial organizations and large enterprises.

The Vulnerability and Available Patch

The security flaw enables attackers to achieve pre-authenticated remote code execution on vulnerable Monsta FTP servers.

WatchTowr Labs researchers discovered that despite developers adding extensive input validation functions in recent updates, critical vulnerabilities remained unpatched across multiple versions.

The attack works through a simple three-step process: an attacker tricks Monsta FTP into connecting to a malicious SFTP server; Monsta FTP downloads a crafted payload file from that server; and the file is written to an arbitrary path on the target server. This grants complete control over the vulnerable system.
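The two controls a defender would expect to break that chain are a restriction on which remote hosts the client may connect to and a containment check on where a downloaded file may be written. The following Python snippet is an added illustration of both checks and is not code from Monsta FTP; the function names, the allowlist and the download directory are assumptions made for the example.

```python
from pathlib import Path, PurePosixPath
from typing import Optional

# Constructed allowlist of SFTP hosts the client is permitted to reach.
ALLOWED_SFTP_HOSTS = {"sftp.example-bank.internal", "files.example.org"}


def host_allowed(host: str, allowlist=ALLOWED_SFTP_HOSTS) -> bool:
    """Refuse outbound SFTP connections to hosts not on an explicit allowlist.

    Comparison is case-insensitive and ignores a trailing dot, so an attacker
    cannot slip past the check with a differently cased or dot-terminated name.
    """
    normalized = host.strip().lower().rstrip(".")
    return normalized in {h.lower() for h in allowlist}


def safe_destination(base_dir: str, remote_name: str) -> Optional[Path]:
    """Return the local path a remote file may be written to, or None.

    The remote side chooses the file name, so it must never be allowed to steer
    the write outside base_dir: absolute names and '..' components are rejected,
    and the resolved path (symlinks followed) must still lie inside base_dir.
    """
    base = Path(base_dir).resolve()
    remote = PurePosixPath(remote_name)
    if remote.is_absolute() or not remote.name or ".." in remote.parts:
        return None
    candidate = base.joinpath(*remote.parts)
    try:
        # resolve() follows symlinks; relative_to() raises if we left base_dir
        candidate.resolve().relative_to(base)
    except ValueError:
        return None
    return candidate


def fetch_allowed(host: str, remote_name: str, base_dir: str) -> Optional[Path]:
    """Combine both checks: a download is permitted only if the host is on the
    allowlist and the destination stays inside base_dir."""
    if not host_allowed(host):
        return None
    return safe_destination(base_dir, remote_name)


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, three that should be refused.
    samples = [
        ("sftp.example-bank.internal", "reports/q3.csv"),
        ("sftp.example-bank.internal", "../../../tmp/escaped.txt"),
        ("sftp.example-bank.internal", "/tmp/absolute.txt"),
        ("attacker.example.net", "q3.csv"),
    ]
    for host, name in samples:
        print(host, name, "->", fetch_allowed(host, name, "/tmp/downloads"))
```

The containment check is deliberately applied after the name is joined and resolved, rather than by string-prefix matching, because prefix checks miss symlinks and sibling directories such as `/tmp/downloads2`.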

CVE ID: CVE-2025-34299
Vulnerability Type: Remote Code Execution (RCE)
Affected Version: Monsta FTP ≤ 2.11.2
Status: Patched in v2.11.3 (Aug 26, 2025)
Exploitation: Active exploitation in the wild

The vulnerability affects versions 2.10.3 through 2.11, and researchers found that previously reported security flaws were never properly fixed.

WatchTowr Labs' analysis revealed minimal code changes between versions 2.10.3 and 2.10.4, leaving known vulnerabilities intact across version updates.

Monsta FTP released version 2.11.3 on August 26, 2025, which addresses this critical vulnerability.

Organizations running Monsta FTP should immediately upgrade to the latest version to protect their systems.

The discovery highlights ongoing security challenges in web-based file management systems, particularly when legacy vulnerabilities persist despite multiple software updates.
