← Volver a CVEs
CVE-2025-14362
HIGH7.3
Descripcion
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.
Detalles CVE
Puntuacion CVSS v3.17.3
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/21/2026
Ultima modificacion4/23/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
fortra:goanywhere_managed_file_transfer
Debilidades (CWE)
CWE-307
Referencias
https://fortra.com/security/advisories/product-security/FI-2026-002(df4dee71-de3a-4139-9588-11b62fe6c0ff)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.