7 matches found
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 CVSS score: 10.0, a critical deserialization bug that could...
EUVD-2025-14216
Malicious code in bioql PyPI...
CVE-2025-0049
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...
CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...
CVE-2025-0049
CVE-2025-0049 affects Fortra GoAnywhere before version 7.8.0. The vulnerability stems from an error message returned when a web user without Create permission on subfolders uploads a file to a non-existent directory; the message may expose the absolute server path, which could enable fuzzing for ...
PT-2025-18117 · Unknown · Goanywhere
Name of the Vulnerable Software and Affected Versions: GoAnywhere versions prior to 7.8.0 Description: The issue occurs when a web user without create permission on subfolders attempts to upload a file to a non-existent directory. In this scenario, the error message includes the absolute server...
PT-2025-18116 · Fortra · Goanywhere
Name of the Vulnerable Software and Affected Versions: Fortra's GoAnywhere versions prior to 7.8.0 Description: The issue is related to missing input validation in certain features of the Web Client, allowing an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript int...