Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-34299
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
Source: NVD (National Vulnerability Database)
Vulnerability Description
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
危险类型文件的不加限制上传
Source: NVD (National Vulnerability Database)
Vulnerability Title
Monsta FTP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Monsta FTP是新西兰Monsta公司的一款轻量级文件管理器。它支持文件传输、文件管理和文档编辑等功能。 Monsta FTP 2.11及之前版本存在安全漏洞,该漏洞源于允许未经身份验证的任意文件上传,可能导致执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Monsta Limited of New ZealandMonsta FTP 0 ~ 2.11 -
II. Public POCs for CVE-2025-34299
#POC DescriptionSource LinkShenlong Link
1Detection for CVE-2025-34299https://github.com/rxerium/CVE-2025-34299POC Details
2CVE-2025-34299https://github.com/B1ack4sh/Blackash-CVE-2025-34299POC Details
3MonstaFTP Unauthenticated File Uploadhttps://github.com/Chocapikk/CVE-2025-34299POC Details
4CVE-2025-34299https://github.com/Ashwesker/Blackash-CVE-2025-34299POC Details
5Monsta FTP = 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-34299.yamlPOC Details
6Docker test environment for CVE-2025-34299 - Monsta FTP Pre-Auth RCE vulnerabilityhttps://github.com/KrE80r/CVE-2025-34299-labPOC Details
7CVE-2025-34299https://github.com/Ashwesker/Ashwesker-CVE-2025-34299POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-34299
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-434
V. Comments for CVE-2025-34299

No comments yet

Leave a comment