CVE-2025-14362

HIGH

7.3

Description

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

CVE Details

CVSS v3.1 Score7.3

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published4/21/2026

Last Modified4/23/2026

Sourcenvd

Honeypot Sightings0

Affected Products

fortra:goanywhere_managed_file_transfer

Weaknesses (CWE)

CWE-307

References

https://fortra.com/security/advisories/product-security/FI-2026-002(df4dee71-de3a-4139-9588-11b62fe6c0ff)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.