CVE-2025-3871

Name of the Vulnerable Software and Affected Versions GoAnywhere MFT versions prior to 7.8.1

Description A broken access control issue in Fortra's GoAnywhere MFT can lead to a denial of service. This occurs when the software is configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and a user has not set an email address. An attacker can enter the email address of a known user, which results in the user being disabled.

Recommendations Update GoAnywhere MFT to version 7.8.1 or later.