Platform
other
Component
rumpus-ftp-server
Fixed in
9.0.13
CVE-2025-55057 identifies multiple Cross-Site Request Forgery (CSRF) vulnerabilities within Rumpus FTP Server. CSRF attacks allow malicious actors to trick authenticated users into unknowingly executing unintended actions. This vulnerability impacts versions 9.0.12–9.0.12 of Rumpus FTP Server and has been resolved in version 9.0.13.
A successful CSRF attack against Rumpus FTP Server could allow an attacker to perform actions on behalf of an authenticated user without their knowledge or consent. This could include modifying server configurations, creating or deleting user accounts, or potentially accessing sensitive files stored on the FTP server. The impact is amplified if the FTP server is used to store confidential data or is integrated with other critical systems. While the direct data breach potential might be limited to files accessible via FTP, the ability to manipulate server settings could lead to broader system compromise.
CVE-2025-55057 was publicly disclosed on 2025-11-17. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are currently unavailable, but the CSRF nature of the vulnerability makes it likely that such exploits will emerge. The medium CVSS score reflects the potential for exploitation and impact.
Organizations and individuals utilizing Rumpus FTP Server versions 9.0.12–9.0.12, particularly those hosting sensitive data or integrating the FTP server with other critical systems, are at risk. Shared hosting environments where multiple users share the same FTP server instance are also at increased risk, as a compromised user account could potentially impact other users.
disclosure
Exploit Status
EPSS
0.03% (7th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-55057 is to upgrade Rumpus FTP Server to version 9.0.13 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting access to sensitive FTP functions via a web application firewall (WAF) or proxy server. Configure the WAF to block requests with suspicious referer headers or unexpected origins. Additionally, review and strengthen user authentication practices to minimize the risk of session hijacking. After upgrading, confirm the fix by attempting a CSRF attack against a test user account and verifying that the action is denied.
Update Rumpus FTP Server to a version that fixes the CSRF vulnerability. Check the vendor's website for the latest version and upgrade instructions. Implement CSRF protections in your web application to mitigate the risk.
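The two mitigations above, a proxy/WAF origin check and an application-level CSRF token, combined in one decision function. This is an added illustration, not code from Rumpus or from this advisory; the allowed origin, header values and tokens are constructed for the example.

```python
import hmac
from urllib.parse import urlsplit

# Hypothetical deployment: the Rumpus web interface is served from this origin.
ALLOWED_ORIGINS = {"https://ftp.example.com"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # no state change, so no CSRF check


def origin_of(url: str):
    """Reduce an Origin or Referer value to scheme://host[:port], or None."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None  # covers the literal value "null" and malformed input
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_check(method, headers, form_token, session_token, allowed=ALLOWED_ORIGINS):
    """Decide whether a request may perform a state-changing action.

    Returns (allowed: bool, reason: str). The first test mirrors the
    WAF/proxy rule from the advisory (reject unexpected origins); the
    second is the synchronizer token that only the application can verify.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    hdrs = {k.lower(): v for k, v in headers.items()}
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False, "missing Origin and Referer"
    src_origin = origin_of(source)
    if src_origin not in {o.lower() for o in allowed}:
        return False, f"unexpected origin: {src_origin}"
    if not form_token or not session_token:
        return False, "missing CSRF token"
    if not hmac.compare_digest(form_token, session_token):
        return False, "CSRF token mismatch"
    return True, "ok"


# Constructed sample requests (method, headers, token in form, token in session).
SAMPLE_REQUESTS = [
    ("GET", {"Referer": "https://other-site.example/page"}, None, None),
    ("POST", {"Origin": "https://ftp.example.com"}, "tok123", "tok123"),
    ("POST", {"Referer": "https://other-site.example/form.html"}, None, "tok123"),
    ("POST", {}, None, "tok123"),
    ("POST", {"Origin": "https://ftp.example.com"}, "stale", "tok123"),
]

if __name__ == "__main__":
    for method, hdrs, ftok, stok in SAMPLE_REQUESTS:
        print(method, csrf_check(method, hdrs, ftok, stok))
```

Requests that carry neither header are rejected rather than waved through, since a browser that strips Referer should not get a free pass on a state-changing request.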
CVE-2025-55057 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Rumpus FTP Server versions 9.0.12–9.0.12, allowing attackers to perform unauthorized actions on behalf of authenticated users.
You are affected if you are running Rumpus FTP Server version 9.0.12–9.0.12. Upgrade to version 9.0.13 or later to mitigate the vulnerability.
Upgrade Rumpus FTP Server to version 9.0.13 or later. As a temporary workaround, implement WAF rules to block suspicious requests.
There is currently no evidence of active exploitation, but the CSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the official Rumpus FTP Server website or security advisories for the latest information and updates regarding CVE-2025-55057.