PT-2026-33974 · Fortra · Goanywhere Mft+1
Published
2026-04-21
·
Updated
2026-04-21
·
CVE-2025-1241
CVSS v3.1
5.8
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GoAnywhere MFT versions prior to 7.10.0
GoAnywhere Agents versions prior to 2.2.0
Description
Encrypted values utilize a static IV (Initialization Vector), which is a fixed starting value used in encryption to ensure that the same plaintext encrypts to different ciphertexts. This allows admin users to brute-force the decryption of data.
Recommendations
Update GoAnywhere MFT to version 7.10.0 or later.
Update GoAnywhere Agents to version 2.2.0 or later.
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Goanywhere Agents
Goanywhere Mft