CVE-2024-25157

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 14, 2024

Updated: Aug 19, 2024

CWE ID 287

CWE ID 303

Summary

CVE-2024-25157 is an authentication bypass vulnerability affecting GoAnywhere MFT versions before 7.6.0. This issue allows Admin Users with access to the Agent Console to bypass certain permission checks when navigating to other pages. The consequences of exploiting this vulnerability could result in unauthorized information disclosure or modification. GoAnywhere MFT users are strongly advised to upgrade to version 7.6.0 or later to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fortra

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ubSZe1
https://www.cve.org/CVERecord?id=CVE-2024-25157
https://nvd.nist.gov/vuln/detail/CVE-2024-25157

Back to Vulnerability Database

CVE-2024-25157

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations