Monsta FTP Remote Code Execution Vulnerability CVE-2025-34299 Discovered

Monsta FTP Remote Code Execution Vulnerability CVE-2025-34299 Discovered

First seen 23 Nov 2025, 03:35 UTC Heise.De 80% similarity 55.5

Article Content

Browse articles
ThreatCluster

A critical remote code execution vulnerability (CVE-2025-34299) has been identified in Monsta FTP, a web-based file transfer client, allowing unauthenticated attackers to execute arbitrary code on affected systems. The flaw arises from improper handling of user input during file downloads, endangering thousands of servers. Researchers have confirmed that this vulnerability is being actively exploited in the wild.

ThreatCluster AI

Community

Browse all →