Unrated severityNVD Advisory· Published Nov 7, 2025· Updated Nov 19, 2025

Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload

CVE-2025-34299

Description

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

Affected products

Ftp/Ftpllm-fuzzy
Range: <=2.11
Monsta Limited of New Zealand/Monsta FTPv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.monstaftp.com/notes/mitrerelease-notespatch
labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/mitretechnical-descriptionexploit
www.vulncheck.com/advisories/monsta-ftp-unauthenticated-arbitrary-file-uploadmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.059
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000