CVE-2025-8148

Medium CVSS: 4.2

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.

Vendor

Fortra

Product

Goanywhere Managed File Transfer

CWE

CWE-732

Yayın Tarihi

2025-12-05 21:15:54

Güncelleme

2026-01-30 16:52:35

Source Identifier

df4dee71-de3a-4139-9588-11b62fe6c0ff

KEV Date Added

Kategoriler

CWE-732 Goanywhere Managed File Transfer MEDIUM Fortra 2025

Referanslar

https://www.fortra.com/security/advisories/product-security/fi-2025-013

Benzer Kayıtlar

Critical

CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged…

Medium

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an a…

Low

CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error…