cbcvebase.
CVE-2025-14362
published 2026-04-21

CVE-2025-14362: The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to…

PriorityP341high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
EPSS
0.19%
9.2th percentile
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

Affected

2 ranges
VendorProductVersion rangeFixed in
fortragoanywhere_managed_file_transfer< 7.10.07.10.0
fortragoanywhere_mft< 7.10.07.10.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.