Description
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping.
This issue affects GoAnywhere: before 7.8.0.
Products
- Fortra GoAnywhere Managed File Transfer
- Fortra Goanywhere Managed File Transfer -
- Fortra Goanywhere Managed File Transfer 6.0.0
- Fortra Goanywhere Managed File Transfer 7.0.0
- Fortra Goanywhere Managed File Transfer 7.0.1
- Fortra Goanywhere Managed File Transfer 7.0.2
- Fortra Goanywhere Managed File Transfer 7.0.3
- Fortra Goanywhere Managed File Transfer 7.1.0
- Fortra Goanywhere Managed File Transfer 7.1.1
- Fortra Goanywhere Managed File Transfer 7.1.2
- Fortra Goanywhere Managed File Transfer 7.1.3
- Fortra Goanywhere Managed File Transfer 7.2.0
- Fortra Goanywhere Managed File Transfer 7.2.1
- Fortra Goanywhere Managed File Transfer 7.3.0
- Fortra Goanywhere Managed File Transfer 7.3.1
- Fortra Goanywhere Managed File Transfer 7.4.0
- Fortra Goanywhere Managed File Transfer 7.4.1
- Fortra Goanywhere Managed File Transfer 7.4.2
- Fortra Goanywhere Managed File Transfer 7.5.0
- Fortra Goanywhere Managed File Transfer 7.5.1
- Fortra Goanywhere Managed File Transfer 7.5.2
- Fortra Goanywhere Managed File Transfer 7.5.3
- Fortra Goanywhere Managed File Transfer 7.6.0
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2025-0049, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-0049 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References