CVE-2024-25153

CRITICAL

FileCatalyst Workflow Web Portal - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-25153. PoCs published by nettitude, rainbowhatrkn.

AI-analyzed exploit summary This is a functional exploit for CVE-2024-25153, achieving remote code execution in Fortra FileCatalyst Workflow by uploading a malicious JSP file via a directory traversal vulnerability in the FTP servlet. The exploit leverages anonymous login and executes arbitrary commands via the uploaded JSP shell.

Description

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.

Exploits (2)

nomisec WORKING POC 42 stars

by nettitude · poc

https://github.com/nettitude/CVE-2024-25153

View Code ZIP pw:eip

This is a functional exploit for CVE-2024-25153, achieving remote code execution in Fortra FileCatalyst Workflow by uploading a malicious JSP file via a directory traversal vulnerability in the FTP servlet. The exploit leverages anonymous login and executes arbitrary commands via the uploaded JSP shell.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Fortra FileCatalyst Workflow 5.x (before 5.1.6 Build 114)

No auth needed

Prerequisites: Anonymous login enabled · Network access to target · FTP servlet accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by rainbowhatrkn · poc

https://github.com/rainbowhatrkn/CVE-2024-25153

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-25153, a remote code execution vulnerability in Fortra FileCatalyst Workflow. The exploit leverages an unauthenticated file upload vulnerability to deploy a JSP webshell and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Fortra FileCatalyst Workflow 5.x before 5.1.6 Build 114

No auth needed

Prerequisites: Target must have anonymous login enabled · Network access to the target's FileCatalyst Workflow interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Release Notes

https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html

Vendor Advisory

https://www.fortra.com/security/advisory/fi-2024-002

Various Sources

https://github.com/nettitude/CVE-2024-25153/blob/master/CVE-2024-25153.py

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.4174

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-472 CWE-668

Status published

Products (2)

fortra/filecatalyst_workflow 5.1.6 build112

fortra/filecatalyst_workflow 5.0 - 5.1.6

Published Mar 13, 2024

Tracked Since Feb 18, 2026