Unrated severityNVD Advisory· Published Apr 28, 2025· Updated Apr 28, 2025
Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0
CVE-2025-0049
Description
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.
Affected products
2- Range: <7.8.0
- Range: 0
Patches
Vulnerability mechanics
References
1- www.fortra.com/security/advisories/product-security/fi-2025-004mitrevendor-advisory
News mentions
0No linked articles in our index yet.