CVE-2024-25157
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 14, 2024
Updated: Aug 19, 2024
CWE ID 287
CWE ID 303
Summary
CVE-2024-25157 is an authentication bypass vulnerability affecting GoAnywhere MFT versions before 7.6.0. This issue allows Admin Users with access to the Agent Console to bypass certain permission checks when navigating to other pages. The consequences of exploiting this vulnerability could result in unauthorized information disclosure or modification. GoAnywhere MFT users are strongly advised to upgrade to version 7.6.0 or later to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Fortra