CVE-2025-14362

EPSS 0.19%
Veröffentlicht 21.04.2026 14:14:08
Zuletzt bearbeitet 23.04.2026 14:16:39
Quelle df4dee71-de3a-4139-9588-11b62f
CVE-Watchlists
Login
Unerledigt
Login

GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortra ≫ Goanywhere Managed File Transfer Version < 7.10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.091

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
df4dee71-de3a-4139-9588-11b62fe6c0ff	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://fortra.com/security/advisories/product-security/FI-2026-002

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-14362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14362

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-14362