CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/cypherdavy/CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-File-Upload-to-RCE	Exploit Third Party Advisory
https://github.com/monstra-cms/monstra/tree/master/plugins/box/filesmanager	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:monstra:monstra_cms:3.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-05 17:16

Updated : 2026-02-11 19:07

NVD link : CVE-2025-69906

Mitre link : CVE-2025-69906

CVE.ORG link : CVE-2025-69906

JSON object : View

Products Affected

monstra

monstra_cms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2025-69906", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-05T17:16:12.900", "references": [{"url": "https://github.com/cypherdavy/CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-File-Upload-to-RCE", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/monstra-cms/monstra/tree/master/plugins/box/filesmanager", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution."}, {"lang": "es", "value": "Monstra CMS v3.0.4 contiene una vulnerabilidad de carga arbitraria de archivos en el plugin Files Manager. La aplicaci\u00f3n se basa en la validaci\u00f3n de extensi\u00f3n de archivo basada en lista negra y almacena los archivos cargados directamente en un directorio accesible por web. Bajo configuraciones t\u00edpicas de servidor, esto puede permitir a un atacante cargar archivos que son interpretados como c\u00f3digo ejecutable, resultando en ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2026-02-11T19:07:15.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:monstra:monstra_cms:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2226D9F-8476-4F0F-9DE3-21A8FE290533"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}