Security Advisory

CVE-2025-8148

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-05 20:56:05

Last updated 2025-12-05 21:48:44

Assigner Fortra

State PUBLISHED

Description

An Improper Access Control in the SFTP service in Fortras GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.

← Browse all CVEs View on cve.org ↗