Platform: other
Component: rumpus-ftp-server
Fixed in: 9.0.13
CVE-2025-55057 identifies multiple Cross-Site Request Forgery (CSRF) vulnerabilities within Rumpus FTP Server. In a CSRF attack, a malicious site causes an authenticated user's browser to submit a state-changing request the user never intended. This vulnerability impacts versions 9.0.12–9.0.12 of Rumpus FTP Server and has been resolved in version 9.0.13.
A successful CSRF attack against Rumpus FTP Server could allow an attacker to perform actions on behalf of an authenticated user without their knowledge or consent. This could include modifying server configurations, creating or deleting user accounts, or potentially accessing sensitive files stored on the FTP server. The impact is amplified if the FTP server is used to store confidential data or is integrated with other critical systems. While the direct data breach potential might be limited to files accessible via FTP, the ability to manipulate server settings could lead to broader system compromise.
CVE-2025-55057 was publicly disclosed on 2025-11-17. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are currently unavailable, but the CSRF nature of the vulnerability makes it likely that such exploits will emerge. The medium CVSS score reflects the potential for exploitation and impact.
Organizations and individuals utilizing Rumpus FTP Server versions 9.0.12–9.0.12, particularly those hosting sensitive data or integrating the FTP server with other critical systems, are at risk. Shared hosting environments where multiple users share the same FTP server instance are also at increased risk, as a compromised user account could potentially impact other users.
disclosure
Exploit status
EPSS: 0.03% (percentile 7%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-55057 is to upgrade Rumpus FTP Server to version 9.0.13 or later, which contains the fix. If upgrading immediately is not feasible, consider temporary workarounds such as restricting access to sensitive FTP functions via a web application firewall (WAF) or reverse proxy. Configure the WAF to block state-changing requests whose Referer or Origin header does not match the server's own origin. Additionally, review and strengthen user authentication practices to minimize the risk of session hijacking. After upgrading, confirm the fix by attempting a CSRF attack against a test user account and verifying that the action is denied.
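The WAF/proxy workaround above amounts to two checks: reject state-changing requests whose Origin (or, failing that, Referer) is not the server's own origin, and require a per-session anti-CSRF token on every such request. The following is an added illustration of that rule logic, not code from Rumpus FTP Server or its vendor; the admin-UI origin `https://ftp.example.test`, the session token value and the sample requests are all constructed for the example.

```python
"""
Origin/Referer screening plus synchronizer-token validation, in the style of
a WAF or reverse-proxy CSRF rule. Added example; all origins, paths and token
values are constructed and not taken from any real deployment.
"""
import hmac
from urllib.parse import urlsplit

# Methods that must not change state and therefore need no CSRF screening.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def origin_of(url: str):
    """Reduce a URL (e.g. a Referer value) to its scheme://host[:port] origin."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def cross_site_by_headers(method, headers, allowed_origins):
    """WAF-style rule. Returns a block reason, or None if the request may proceed."""
    if method.upper() in SAFE_METHODS:
        return None
    allowed = {o.lower() for o in allowed_origins}
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is not None:
        # "null" (sandboxed iframe, opaque origin) never matches and is blocked.
        if origin.lower() in allowed:
            return None
        return f"origin {origin!r} not allowed"
    referer = h.get("referer")
    if referer is not None:
        src = origin_of(referer)
        if src in allowed:
            return None
        return f"referer origin {src!r} not allowed"
    # Browsers attach Origin to every POST, so a state-changing request with
    # neither header is a non-browser client or a stripped request. Fail closed;
    # relax only for documented API clients that authenticate another way.
    return "no Origin or Referer on state-changing request"


def token_valid(expected, submitted):
    """Synchronizer-token check: missing token fails, comparison is constant-time."""
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def screen(request, allowed_origins, session_token):
    """A state-changing request must pass the header rule AND carry a valid token."""
    reason = cross_site_by_headers(request["method"], request["headers"], allowed_origins)
    if reason:
        return ("block", reason)
    if request["method"].upper() not in SAFE_METHODS and not token_valid(
        session_token, request.get("token")
    ):
        return ("block", "missing or invalid CSRF token")
    return ("allow", None)


# Constructed sample traffic for an admin UI assumed to live at the origin below.
ALLOWED = {"https://ftp.example.test"}
SESSION_TOKEN = "c0ffee-constructed-session-token"
SAMPLE_REQUESTS = [
    {"name": "same-site form post", "method": "POST",
     "headers": {"Origin": "https://ftp.example.test"}, "token": SESSION_TOKEN},
    {"name": "forged post from another site", "method": "POST",
     "headers": {"Origin": "https://evil.example.test"}, "token": None},
    {"name": "same-site referer but no token", "method": "POST",
     "headers": {"Referer": "https://ftp.example.test/admin/users"}, "token": None},
    {"name": "plain GET", "method": "GET", "headers": {}, "token": None},
    {"name": "headerless post with token", "method": "POST",
     "headers": {}, "token": SESSION_TOKEN},
]


def run_samples():
    """Map each constructed request name to the verdict the rule produces."""
    return {r["name"]: screen(r, ALLOWED, SESSION_TOKEN)[0] for r in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:5}  {name}")
```

The header rule alone is the part a WAF can enforce without application changes; the token check needs the application (or the fix in 9.0.13) to issue and verify tokens. Blocking requests that carry neither header is deliberate: it is the safe default for a browser-driven admin interface, and a legitimate non-browser client should be allow-listed explicitly rather than by leaving the gap open.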
Update Rumpus FTP Server to a version that fixes the CSRF vulnerability. Consult the vendor's website for the latest version and upgrade instructions. Implement CSRF protections in your web application to mitigate the risk.
CVE-2025-55057 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Rumpus FTP Server versions 9.0.12–9.0.12, allowing attackers to perform unauthorized actions on behalf of authenticated users.
You are affected if you are running Rumpus FTP Server version 9.0.12–9.0.12. Upgrade to version 9.0.13 or later to mitigate the vulnerability.
Upgrade Rumpus FTP Server to version 9.0.13 or later. As a temporary workaround, implement WAF rules to block suspicious requests.
There is currently no evidence of active exploitation, but the CSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the official Rumpus FTP Server website or security advisories for the latest information and updates regarding CVE-2025-55057.