CVE-2025-14362
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortra | GoAnywhere MFT | 0 < 7.10.0 | affected |
Weaknesses
- CWE-307: CWE-307 Improper restriction of excessive authentication attempts
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.