CVE-2025-8148

CVSS 4.2 - MEDIUM

Description

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.

References

https://www.fortra.com/security/advisories/product...

Weakness Types

CWE-732

CVE Information

CVE ID:: CVE-2025-8148
Published:: 2025-12-05
Modified:: 2025-12-05
CVSS Score:: 4.2
Severity:: MEDIUM
Vector:: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Quick Actions

View on NVD

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL