An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NFortra Goanywhere Managed File Transfer
APPFortra< 7.10.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-10035CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Deserialization i command injection w Fortra GoAnywhere MFT (License Servlet)
CVE-2024-0204CRITICAL9.8PL ✓ten sam produkt
Pominięcie uwierzytelniania w Fortra GoAnywhere MFT — tworzenie konta admina
CVE-2023-0669HIGH7.2⚠ KEVten sam produkt
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerabilit...
CVE-2025-14362HIGH7.3ten sam produkt
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User...
CVE-2025-1241MEDIUM5.8ten sam produkt
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2...