Platform: other
Component: rumpus-ftp-server
Fixed in: 9.0.13
CVE-2025-55057 identifies multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Rumpus FTP Server. In a CSRF attack, a malicious site causes a user who is already authenticated to the server's web interface to submit requests that the user never intended. The affected range is listed as versions 9.0.12–9.0.12 (that is, 9.0.12) of Rumpus FTP Server; the issue is resolved in version 9.0.13.
A successful CSRF attack against Rumpus FTP Server could let an attacker perform actions on behalf of an authenticated user without that user's knowledge or consent: modifying server configuration, creating or deleting user accounts, or potentially accessing files stored on the FTP server. The impact is greater if the server holds confidential data or is integrated with other critical systems. While direct data exposure may be limited to files reachable over FTP, the ability to change server settings could lead to broader system compromise.
CVE-2025-55057 was publicly disclosed on 2025-11-17. There is no indication of active exploitation, and it is not listed in the CISA KEV catalog at this time. No public proof-of-concept exploit is currently available, but the CSRF nature of the vulnerability makes it likely that one will emerge. The medium CVSS score reflects the potential for exploitation and its impact.
Exploit Status
EPSS: 0.03% (7th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-55057 is to upgrade Rumpus FTP Server to version 9.0.13 or later, which contains the fix. If an immediate upgrade is not feasible, consider temporary workarounds such as restricting access to sensitive FTP management functions through a web application firewall (WAF) or reverse proxy. Configure the WAF or proxy to reject state-changing requests whose Referer or Origin header does not match the server's own origin. Additionally, review and strengthen authentication and session handling to reduce the risk of session hijacking. After upgrading, confirm the fix using a test user account: a forged cross-origin request to that account should be rejected.
Update Rumpus FTP Server to a version that fixes the CSRF vulnerability; refer to the vendor's website for the latest version and update instructions. Implement CSRF defenses (per-session anti-CSRF tokens and Origin/Referer validation on state-changing requests) in any web application that fronts the server to reduce the risk.
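The two defensive checks mentioned above, Origin/Referer validation at a proxy or WAF and a per-session anti-CSRF token in the application, as an added example that is not part of the advisory and not Rumpus code. It assumes a reverse proxy or web application that can see the request method, headers and form fields; the host name `ftp.example.test`, the session id and the HMAC-based token scheme are constructed for illustration.

```python
"""Origin/Referer and anti-CSRF token checks for state-changing HTTP requests.

Added example (not Rumpus FTP Server code). The allowed origin, session id and
token derivation below are constructed assumptions for illustration only.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed: origins allowed to drive state changes (scheme://host[:port]).
ALLOWED_ORIGINS = {"https://ftp.example.test"}

# Methods that must never change server state and are therefore not gated.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(url: str) -> str:
    """Reduce a URL to a lowercased scheme://host[:port] for exact comparison."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return ""
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def check_source(method: str, headers: dict, allowed=ALLOWED_ORIGINS) -> tuple:
    """Return (allowed, reason) based on the Origin/Referer of a request.

    Safe methods are never blocked here. For state-changing methods:
    - a present Origin header must match an allowed origin exactly;
    - if Origin is absent, the origin of the Referer is used instead;
    - if both are absent the request is refused (browsers send Origin on
      cross-site POSTs, so legitimate form submissions carry one).
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is not None:
        if origin == "null":
            return False, "opaque (null) origin"
        if _origin_of(origin) in allowed:
            return True, "origin allowed"
        return False, f"origin not allowed: {origin}"
    referer = h.get("referer")
    if referer:
        if _origin_of(referer) in allowed:
            return True, "referer origin allowed"
        return False, f"referer origin not allowed: {referer}"
    return False, "no Origin or Referer on state-changing request"


def issue_token(session_id: str, server_secret: bytes) -> str:
    """Derive a per-session anti-CSRF token as HMAC-SHA256 over the session id."""
    return hmac.new(server_secret, session_id.encode(), hashlib.sha256).hexdigest()


def check_token(session_id: str, presented, server_secret: bytes) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    expected = issue_token(session_id, server_secret)
    return hmac.compare_digest(expected, presented or "")


def guard(method, headers, form, session_id, server_secret, allowed=ALLOWED_ORIGINS):
    """Combined decision: the source check and the token check must both pass."""
    ok, reason = check_source(method, headers, allowed)
    if not ok:
        return False, reason
    if method.upper() not in SAFE_METHODS and not check_token(
        session_id, form.get("csrf_token"), server_secret
    ):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    sid = "session-abc"  # constructed session identifier
    tok = issue_token(sid, secret)
    same_site = {"Origin": "https://ftp.example.test"}
    cross_site = {"Origin": "https://attacker.example.test"}  # constructed
    print(guard("POST", same_site, {"csrf_token": tok}, sid, secret))
    print(guard("POST", cross_site, {"csrf_token": tok}, sid, secret))
    print(guard("POST", same_site, {}, sid, secret))
```

The Origin/Referer check is the stopgap a WAF rule can enforce without touching the application; the token check is the durable fix and must live in the application, because only it knows the session. Requests with neither header are refused here on purpose; non-browser clients that legitimately omit both should be given a separate, authenticated API path rather than an exemption from the rule.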
CVE-2025-55057 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Rumpus FTP Server versions 9.0.12–9.0.12, allowing attackers to perform unauthorized actions on behalf of authenticated users.
You are affected if you are running Rumpus FTP Server versions 9.0.12–9.0.12. Upgrade to version 9.0.13 or later to mitigate the vulnerability.
Upgrade Rumpus FTP Server to version 9.0.13 or later. As a temporary workaround, implement WAF rules to block suspicious requests.
There is currently no evidence of active exploitation, but the CSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the official Rumpus FTP Server website or security advisories for the latest information and updates regarding CVE-2025-55057.