CVE-2025-14362

Published Apr 21, 2026

Last updated 3 days ago

CVSS high 7.3

Overview

Description: The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.
Source: df4dee71-de3a-4139-9588-11b62fe6c0ff
NVD status: Analyzed
Products: goanywhere_managed_file_transfer

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.3
Impact score: 3.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: HIGH

Weaknesses

df4dee71-de3a-4139-9588-11b62fe6c0ff: CWE-307

Hype score: Not currently trending

CVE-2025-14362 The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in w… https://t.co/0lsDRXZ4Hu
@CVEnew
21 Apr 2026
101 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8EB6422D-7B12-41B3-BD42-5610C6C72524",
            "versionEndExcluding": "7.10.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References