CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*

History

10 May 2025, 00:55

Type Values Removed Values Added
CPE cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
References () https://www.fortra.com/security/advisories/product-security/fi-2025-004 - () https://www.fortra.com/security/advisories/product-security/fi-2025-004 - Vendor Advisory
First Time Fortra
Fortra goanywhere Managed File Transfer

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Cuando un usuario web sin permiso de creación en subcarpetas intenta subir un archivo a un directorio inexistente, el mensaje de error incluye la ruta absoluta del servidor, lo que podría permitir el análisis de errores para el mapeo de aplicaciones. Este problema afecta a GoAnywhere: versiones anteriores a la 7.8.0.

28 Apr 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-28 21:15

Updated : 2025-05-10 00:55


NVD link : CVE-2025-0049

Mitre link : CVE-2025-0049

CVE.ORG link : CVE-2025-0049


JSON object : View

Products Affected

fortra

  • goanywhere_managed_file_transfer
CWE
CWE-209

Generation of Error Message Containing Sensitive Information