CVE-2025-34299

UNKNOWN 0.0

Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

CWE	CWE-434
Vendor	monsta limited of new zealand
Product	monsta ftp
Published	Nov 7, 2025
Last Updated	May 14, 2026

Stay Ahead of the Next One

Get instant alerts for monsta limited of new zealand monsta ftp

Be the first to know when new unknown vulnerabilities affecting monsta limited of new zealand monsta ftp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Monsta Limited of New Zealand / Monsta FTP

0 ≤ 2.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

monstaftp.com: https://www.monstaftp.com/notes/ labs.watchtowr.com: https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/ vulncheck.com: https://www.vulncheck.com/advisories/monsta-ftp-unauthenticated-arbitrary-file-upload

Credits

Sonny of watchTowr