CVE-2025-14362: GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances
Published Apr 21, 2026
·Updated
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.
Affected Software
2 affected components
Fortra GoAnywhere MFT<7.10.0
Fortra Goanywhere Managed File Transfer<7.10.0
Remediation
Information
Upgrade to patched version.
Event History
Apr 21, 2026
CVE Published
via MITRE·02:14 PM
Data Sourced
via MITRE·02:14 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·03:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-14362?
CVE-2025-14362 has been rated as a high severity vulnerability due to its potential for brute force attacks.
2
How do I fix CVE-2025-14362?
To fix CVE-2025-14362, upgrade to Fortra's GoAnywhere MFT version 7.10.0 or later.
3
What does CVE-2025-14362 affect?
CVE-2025-14362 affects the SFTP service of Fortra's GoAnywhere MFT prior to version 7.10.0.
4
What can attackers do with CVE-2025-14362?
Attackers can attempt to perform brute-force login attacks on the SFTP service under certain configurations.
5
Is CVE-2025-14362 a widespread issue?
Yes, CVE-2025-14362 could potentially affect any institution using vulnerable versions of Fortra's GoAnywhere MFT.