HIGH🇬🇧 English

CVE-2025-14362

CVSS 7.3v3.1pub. 2026-04-21upd. 2026-04-23

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Fortra Goanywhere Managed File Transfer

    APP
    Fortra
    < 7.10.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-10035CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Deserialization i command injection w Fortra GoAnywhere MFT (License Servlet)

CVE-2024-0204CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelniania w Fortra GoAnywhere MFT — tworzenie konta admina

CVE-2023-0669HIGH7.2⚠ KEVten sam produkt

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerabilit...

CVE-2025-1241MEDIUM5.8ten sam produkt

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2...

CVE-2026-0971MEDIUM4.3ten sam produkt

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configure...

CVE-2025-14362 — HIGH 7.3 | CVEbaza.pl