CVE-2025-34299 · CRITICAL 9.8 · EPSS p99.4%

Description

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 72.03% probability of exploitation · percentile 99.4% · 2026-06-18T12:00:27Z
Published: 2025-11-07
Last modified: 2025-12-10

Underlying weaknesses · 1

CWE-434

References

  1. https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
  2. https://www.monstaftp.com/notes/
  3. https://www.vulncheck.com/advisories/monsta-ftp-unauthenticated-arbitrary-file-upload

Type | Target | Confidence | Tier
Weakness | Unrestricted Upload of File with Dangerous Type (cwe-434) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-69906
  2. CVE-2025-54944
  3. CVE-2025-41735
  4. CVE-2025-49195
  5. CVE-2025-46001
  6. CVE-2026-2701

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.