Categories: Cyber Security News

Monsta Web FTP RCE Vulnerability Actively Exploited in the Wild

A critical remote code execution vulnerability has been discovered in Monsta FTP, a web-based file transfer client used by thousands of organizations worldwide.

The vulnerability allows unauthenticated attackers to execute arbitrary code on affected servers by leveraging a path traversal flaw during file downloads.

The Vulnerability

Monsta FTP, which powers over 5,000 Internet-facing instances, contains a dangerous combination of design flaws.

The application accepts user-controlled file paths through its API endpoint at /mftp/application/api/api.php without proper validation.

Attackers can manipulate the localPath parameter in download requests to write arbitrary files to any location on the web server.

The attack chain is straightforward: trick Monsta FTP into connecting to an attacker-controlled SFTP server, have it download a malicious payload, then write that file to a web-accessible directory such as /var/www/html/mftp/.

This results in immediate code execution with web server privileges.

Security researchers discovered this vulnerability in August 2025 and disclosed it responsibly to Monsta FTP developers. ]

The vulnerability remained unfixed across multiple versions, including 2.10.3, 2.10.4, and initially 2.11. Patches were released in version 2.11.3 on August 26, 2025, followed by CVE-2025-34299 assignment on November 4, 2025.

The vulnerability is particularly concerning because it requires no authentication and affects organizations across financial services, enterprises, and individual users who rely on Monsta FTP for remote file management.

CVE ID	Affected Versions	Type	Severity	Status
CVE-2025-34299	2.10.3 – 2.11.2	Remote Code Execution	Critical	Patched in 2.11.3

Organizations running Monsta FTP should update to version 2.11.3 or later immediately. Additionally, implement network segmentation and restrict API endpoint access to trusted IP addresses.

Monitor web server logs for suspicious file write operations to /mftp/ directories.

Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today

The post Monsta Web FTP RCE Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

Monsta web-based FTP Remote Code Execution Vulnerability Exploited

A critical remote code execution vulnerability in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide. The flaw, now tracked as CVE-2025-34299, affects multiple versions of the software and has been exploited in the wild. Monsta FTP is a browser-based file transfer client that allows users…

November 10, 2025

In "Cyber Security News"

Apache NuttX Vulnerability Let Attackers to Crash Systems

A newly disclosed use-after-free vulnerability in Apache NuttX RTOS could allow attackers to cause system crashes and unintended filesystem operations, prompting urgent security warnings for users running network-exposed services. The flaw, tracked as CVE-2025-48769 and rated moderate in severity, affects a wide range of NuttX versions and was publicly disclosed…

January 2, 2026

In "Cyber Security News"

Wing FTP Server Vulnerability Actively Exploited – 2000+ Servers Exposed Online

Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. The flaw, tracked as CVE-2025-47812, has received the maximum CVSS score of 10.0 and enables unauthenticated remote code execution with root or SYSTEM privileges. The vulnerability was…

July 14, 2025

In "Cyber Security News"

rssfeeds-admin