CVE-2024-25157

MEDIUM

GoAnywhere MFT <7.6.0 - Auth Bypass

Title source: llm

Description

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

References (1)

[Vendor Advisory] https://www.fortra.com/security/advisories/product-security/fi-2024-009

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 31.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-287 CWE-303

Status published

Affected Products (1)

fortra/goanywhere_managed_file_transfer < 7.6.0

Timeline

Published Aug 14, 2024

Tracked Since Feb 18, 2026