← Retour aux CVEs
CVE-2025-14362
HIGH7.3
Description
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.
Details CVE
Score CVSS v3.17.3
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/21/2026
Derniere modification4/23/2026
Sourcenvd
Observations honeypot0
Produits affectes
fortra:goanywhere_managed_file_transfer
Faiblesses (CWE)
CWE-307
References
https://fortra.com/security/advisories/product-security/FI-2026-002(df4dee71-de3a-4139-9588-11b62fe6c0ff)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.