CVE-2025-0049

Low CVSS: 3.5

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping.
This issue affects GoAnywhere: before 7.8.0.

Vendor

Fortra

Product

Goanywhere Managed File Transfer

CWE

CWE-209

Yayın Tarihi

2025-04-28 21:15:56

Güncelleme

2025-05-10 00:55:19

Source Identifier

df4dee71-de3a-4139-9588-11b62fe6c0ff

KEV Date Added

Kategoriler

CWE-209 Goanywhere Managed File Transfer LOW Fortra 2025

Referanslar

https://www.fortra.com/security/advisories/product-security/fi-2025-004

Benzer Kayıtlar

Medium

CVE-2025-8148

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with a…

Critical

CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged…

Medium

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an a…