
PoC details: ae7110a8f6e921a43d27f574b35211110de91504

Title: Monsta FTP security vulnerability (CVE-2025-34299)
Description: Monsta FTP is a lightweight web-based file manager from the New Zealand company Monsta. It supports file transfer, file management and document editing. Monsta FTP 2.11 and earlier contain a security vulnerability that stems from allowing unauthenticated arbitrary file upload, which may lead to arbitrary code execution.
# **CVE-2025-34299**🚨: Monsta FTP Remote Code Execution Vulnerability💥  

![G5hmSRibcAMiu9N](https://github.com/user-attachments/assets/d8103537-17fc-499c-a378-0dfd9e9bacf6)

---

### **Executive Summary** ✨  

🔓 **CVE-2025-34299** is a **critical**, **unauthenticated** RCE flaw in **Monsta FTP** — a popular web-based file transfer tool.  
🌍 Discovered in **August 2025**, disclosed **November 7, 2025**.  
⚔️ Allows attackers to **upload web shells** via a **malicious (S)FTP server** → **full server takeover**!  
📊 **>5,000 exposed instances** online — **actively exploited** in the wild!  
🔧 **Patch NOW** to **v2.11.3** (released **Aug 26, 2025**)  

---

### **Vulnerability Details** 🔍  

| **Field**               | **Details** |
|-------------------------|-----------|
| **CVE ID**              | `CVE-2025-34299` |
| **Published**           | 📅 Nov 7, 2025 |
| **CNA**                 | VulnCheck |
| **Weakness**            | CWE-434 (Dangerous File Upload) |
| **Root Cause**          | 🕳️ Unsafe file download in `/mftp/application/api/api.php` |
| **Attack Vector**       | 🌐 **Network (Remote, Unauthenticated)** |
| **Complexity**          | 🟢 **Low** |
| **Prerequisites**       | ❌ **None** |

**Exploitation Flow** (Simplified):  

1️⃣ Attacker sends crafted **POST** to API  
2️⃣ Monsta connects to **attacker’s (S)FTP**  
3️⃣ Malicious **PHP shell** downloaded & written  
4️⃣ 💣 **RCE achieved** via `?cmd=whoami`  

**PoC Available** ✅ (watchTowr Labs)

---

### **Severity & Scoring** 📈

| **Metric**       | **Score** | **Emoji** |
|------------------|-----------|----------|
| **CVSS v4.0**    | **9.3** (Critical) | 🔥🔥🔥 |
| **CVSS v3.1**    | (Pending) | ⏳ |
| **EPSS**         | **~0.85** (80th percentile) | ⚡ |
| **In the Wild?** | **YES** | 🏴‍☠️ |

---

### **Affected Systems** 🖥️  

- **Product**: Monsta FTP  
- **Vulnerable**: ≤ **2.11.2**  
- **Fixed In**: **2.11.3+** ✅  
- **Platforms**: Linux, Windows, PHP-based web servers  
- **Exposed**: **5,000+** instances (ZoomEye, Shodan) 🌐  

---

### **Timeline** ⏰

| **Date**            | **Event** |
|---------------------|---------|
| Jul 2025            | v2.11 released (vulnerable) |
| Aug 2025            | watchTowr discovers flaw |
| **Aug 26, 2025**    | **Patch: v2.11.3** 🛡️ |
| Nov 4, 2025         | CVE assigned |
| **Nov 7, 2025**     | **Public Disclosure** 📢 |
| **Nov 10–13, 2025** | **Active Exploitation** 🔥 |

---

### **Exploitation in the Wild** 🏴‍☠️

- ✅ **Confirmed attacks** since August  
- 🔍 Scanners using **ZoomEye**, **Shodan**, **Nuclei**  
- 🎯 Targets: Finance, hosting, enterprises  
- 🛡️ **IoCs**:  
  - POST to `/mftp/application/api/api.php`  
  - Outbound (S)FTP to unknown IPs  
  - New `.php` files with `system()`, `eval()`  
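
The three indicators above (and the "Scan for webshells" step in the incident-response row further down) can be checked mechanically. The following is an added example, not code from this advisory, from watchTowr or from Monsta FTP: it parses Combined-Log-Format access-log lines, flags POSTs to `/mftp/application/api/api.php`, correlates each posting client with a later request to a `.php` resource carrying a `cmd=` query parameter (the `?cmd=whoami` indicator), and walks a webroot for `.php` files that call `system(` or `eval(`. All log lines, IP addresses and file paths in it are constructed for the example; the `/mftp/uploads/x.php` path is an assumption, not a location the advisory names.

```python
"""Indicator checks for CVE-2025-34299 (added example, not the advisory's code).

Every sample log line, IP address and file path here is constructed.
"""
import re
import tempfile
from datetime import datetime
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

API_PATH = "/mftp/application/api/api.php"      # endpoint named in the advisory
SHELL_FUNCS = re.compile(rb"\b(system|eval)\s*\(")  # the two calls the IoC list cites

# Combined Log Format: ip ident user [ts] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample traffic: one scanner-like client (198.51.100.7) POSTs to the
# API and seconds later calls a PHP file with ?cmd=; a browser user (203.0.113.10)
# also POSTs to the API but never touches such a file.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Nov/2025:08:14:02 +0000] "GET /mftp/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2025:08:14:05 +0000] "POST /mftp/application/api/api.php HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.10 - - [10/Nov/2025:08:15:11 +0000] "POST /mftp/application/api/api.php HTTP/1.1" 200 298 "https://files.example.test/mftp/" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2025:08:14:09 +0000] "GET /mftp/uploads/x.php?cmd=whoami HTTP/1.1" 200 44 "-" "python-requests/2.31"
"""


def parse_log(text):
    """Parse access-log text into dicts; lines in another format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        parts = urlsplit(e["target"])
        e["path"] = parts.path
        e["query"] = parse_qs(parts.query)
        entries.append(e)
    return entries


def api_posts(entries):
    """Indicator 1: every POST to the Monsta FTP API endpoint."""
    return [e for e in entries if e["method"] == "POST" and e["path"] == API_PATH]


def correlate(entries):
    """Indicator 1 + the ?cmd= follow-up: (ip, api_post_time, target) triples for
    clients that POSTed to the API and later requested a .php with a cmd= parameter."""
    hits = []
    for p in sorted(api_posts(entries), key=lambda e: e["ts"]):
        for e in entries:
            if (e["ip"] == p["ip"] and e["ts"] > p["ts"]
                    and e["path"].endswith(".php") and "cmd" in e["query"]):
                hits.append((p["ip"], p["ts"], e["target"]))
    return hits


def scan_webroot(root, newer_than=None):
    """Indicator 3: .php files under root that call system( or eval(.
    With newer_than (a datetime) only files modified after it are examined,
    which matches the 'new .php files' wording of the IoC."""
    findings = []
    for path in Path(root).rglob("*.php"):
        if newer_than is not None:
            mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=newer_than.tzinfo)
            if mtime <= newer_than:
                continue
        if SHELL_FUNCS.search(path.read_bytes()):
            findings.append(path)
    return sorted(findings)


def demo():
    """Run all checks on the constructed log and a throw-away webroot."""
    entries = parse_log(SAMPLE_LOG)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php echo 'hello'; ?>\n")        # benign
        (root / "uploads").mkdir()
        (root / "uploads" / "x.php").write_text(                            # constructed shell
            "<?php system($_GET['cmd']); ?>\n")
        shells = [p.relative_to(root).as_posix() for p in scan_webroot(root)]
    return {"api_posts": len(api_posts(entries)),
            "correlated": correlate(entries),
            "webshells": shells}


if __name__ == "__main__":
    print(demo())
```

On the design: a POST to `api.php` on its own is what the legitimate UI does too, so `api_posts` is a review list, not an alert; the alert-grade signal is `correlate`, which needs the same client to come back for a PHP file with a command parameter. Run `scan_webroot` with `newer_than` set to the time of the first suspicious POST to keep the file sweep to the window that matters.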

---

### **Impact** 💣

| **Risk**         | **Level** | **Details** |
|------------------|-----------|-----------|
| **Server Takeover** | 🌋 **High** | Full root/admin access |
| **Data Breach**     | 🔒 **High** | Exfiltrate files |
| **Ransomware**      | 💰 **High** | Deploy payloads |
| **Lateral Move**    | 🌐 **Medium** | Pivot in network |

---

### **Mitigation & Remediation** 🛡️

| **Action**                  | **How** |
|-----------------------------|-------|
| **🔧 Patch**                | Upgrade to **v2.11.3+** → [monstaftp.com/download](https://monstaftp.com/download) |
| **🚫 No Workaround**        | Disable if unpatched |
| **🌐 Network Controls**     | Block outbound (S)FTP; allow only trusted IPs |
| **🛡️ WAF Rules**            | Block suspicious POSTs to `/api.php` |
| **🔍 Scan**                 | Use: `app="Monsta FTP"` on Shodan/ZoomEye |
| **🛑 Incident Response**    | Isolate → Scan for webshells → Reimage |

**Detection Query (ZoomEye)**:

```text
app="Monsta FTP" vul.cve="CVE-2025-34299"
```

---

### **References & Sources** 📚 

- **NVD**: [nvd.nist.gov/vuln/detail/CVE-2025-34299](https://nvd.nist.gov/vuln/detail/CVE-2025-34299)  
- **watchTowr Labs**: [labs.watchtowr.com/...](https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/)  
- **VulnCheck**: [vulncheck.com/advisories/...](https://www.vulncheck.com/advisories/monsta-ftp-unauthenticated-arbitrary-file-upload)  
- **Media**: eSecurity Planet, HackRead, GBHackers  
- **X (Twitter)**: @watchtowr, @zoomeye_team, @ransomnews  

---

**Bottom Line**:  
> **Patch. Scan. Monitor. Act Fast.**  
> This is **not a drill** — **CVE-2025-34299** is a **server-ending vulnerability** in the wild.  

**Stay safe out there!** 🛡️✨
File snapshot

```text
[4.0K] /data/pocs/ae7110a8f6e921a43d27f574b35211110de91504
└── [4.6K] README.md

1 directory, 1 file
```