Description

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.

INFO

Published Date :

2025-12-05T20:56:05.135Z

Last Modified :

2025-12-05T21:48:44.070Z

Source :

Fortra
AFFECTED PRODUCTS

The following products are affected by CVE-2025-8148 vulnerability.

Vendors Products
Fortra
  • Goanywhere Managed File Transfer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8148.

URL Resource
https://www.fortra.com/security/advisories/product-security/fi-2025-013 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact