7 matches found
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 CVSS score: 10.0, a critical deserialization bug that could...
EUVD-2025-14216
Malicious code in bioql PyPI...
CVE-2025-0049
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...
CVE-2025-0049
CVE-2025-0049 affects Fortra GoAnywhere before version 7.8.0. The vulnerability stems from an error message returned when a web user without Create permission on subfolders uploads a file to a non-existent directory; the message may expose the absolute server path, which could enable fuzzing for ...
CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...
PT-2025-18116 · Fortra · Goanywhere
Name of the Vulnerable Software and Affected Versions: Fortra's GoAnywhere versions prior to 7.8.0 Description: The issue is related to missing input validation in certain features of the Web Client, allowing an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript int...
PT-2025-18117 · Unknown · Goanywhere
Name of the Vulnerable Software and Affected Versions: GoAnywhere versions prior to 7.8.0 Description: The issue occurs when a web user without create permission on subfolders attempts to upload a file to a non-existent directory. In this scenario, the error message includes the absolute server...