CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-25153

CVSS 9.8v3.1pub. 2024-03-13upd. 2025-09-19

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.

🤖 AI Analysis
How it works

The attacker sends a specially crafted POST request to the 'ftpservlet' component, exploiting path traversal sequences in the target path of the uploaded file. The validation mechanism does not properly verify the path, which allows the file to be saved outside the intended 'uploadtemp' directory. If the file is placed in the web server's DocumentRoot directory, the attacker can then execute it as a JSP script — for example, in the form of a web shell — thereby gaining control of the server.

Impact

An unauthenticated remote attacker can gain full remote code execution (RCE) on the server, leading to complete breach of confidentiality, integrity, and availability of the system, including the possibility of installing a web shell.

Mitigation & patch

Fortra FileCatalyst Workflow should be updated to version 5.1.6.114 or later, in accordance with the information contained in the vendor's release notes and Fortra security advisory FI-2024-002.

Who is affected

Fortra FileCatalyst Workflow — versions prior to 5.1.6.114 (patch version indicated in vendor references)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortra Filecatalyst Workflow

    APP
    Fortra
    5.1.65.0 – 5.1.6 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-6633CRITICAL9.8PL ✓ten sam produkt

Domyślne poświadczenia bazy HSQLDB w Fortra FileCatalyst Workflow

CVE-2024-5276CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Fortra FileCatalyst Workflow umożliwia modyfikację danych

CVE-2024-6632HIGH7.2ten sam produkt

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to p...

CVE-2025-10035CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Deserialization i command injection w Fortra GoAnywhere MFT (License Servlet)

CVE-2024-0204CRITICAL9.8PL ✓ten sam vendor

Pominięcie uwierzytelniania w Fortra GoAnywhere MFT — tworzenie konta admina