GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

FI-2026-002 - GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

Severity

High

Published Date

21-Apr-2026

Updated Date

21-Apr-2026

Vulnerabilities

CVE-2025-14362

Notes

Description

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

Vulnerabilities

GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

Severity

High

CVE

CVE-2025-14362

CWE

CWE-307:Improper restriction of excessive authentication attempts

Discovery Date

17-Nov-2023

CSSv3.1

7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products

GoAnywhere MFT

Vulnerability Notes

Remediation: Vendor Fix

Upgrade to patched version.

References

(https://www.cve.org/cverecord?id=CVE-2025-14362)

GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

FI-2026-002 - GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

Notes

Vulnerabilities

Vulnerability Notes

References

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Fortra AI Use

Impressum