VYPR
Unrated severityNVD Advisory· Published Apr 28, 2025· Updated Apr 28, 2025

Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

CVE-2025-0049

Description

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.