Monsta FTP Remote Code Execution Vulnerability

Source: Cyber Security News

The recently disclosed CVE-2025-34299 in Monsta FTP allows pre-authentication remote code execution, giving an unauthenticated attacker control of the host running the application. This browser-based FTP client is popular among financial institutions, and over 5,000 instances are exposed on the internet. Although earlier updates attempted to tighten input validation, the underlying weaknesses remained, and an attacker can gain control through a three-step attack whose key step is tricking the application into connecting to a malicious SFTP server. Researchers at watchTowr Labs noted how little the code changed between versions, which suggests that the earlier fixes were ineffective and that the old vulnerabilities survived. Organizations running Monsta FTP are therefore advised to upgrade to version 2.11.3, released on August 26, 2025, to mitigate this flaw. The incident highlights the security weaknesses of web-based file management systems and the need for robust vulnerability management practices in software development; exposed instances should be patched promptly to prevent exploitation.

Read the original: Cyber Security News