PT-2025-49314 · Fortra · Goanywhere Mft
Published
2025-12-05
·
Updated
2026-01-30
·
CVE-2025-8148
CVSS v3.1
4.2
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GoAnywhere MFT versions prior to 7.9.0
Description
An improper access control exists in the SFTP service. This affects web users who have an authentication alias and a valid SSH key, but are limited to password authentication for SFTP. These users can still log in using their SSH key.
Recommendations
Update to version 7.9.0 or later.
Fix
Incorrect Authorization
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Goanywhere Mft