CVE-2024-25157: 
GoAnywhere MFT vulnerability analysis and mitigation

An authentication bypass vulnerability was discovered in GoAnywhere MFT versions prior to 7.6.0. The vulnerability allows Admin Users with access to the Agent Console to bypass certain permission checks when attempting to visit other pages (Fortra Advisory, NVD).

The vulnerability has been assigned CVE-2024-25157 and is classified with CWE-287 (Improper Authentication) and CWE-303 (Incorrect Implementation of Authentication Algorithm). It has received a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility with low attack complexity, requiring high privileges, no user interaction, and potentially resulting in high confidentiality and integrity impacts (Fortra Advisory).

The exploitation of this vulnerability could lead to unauthorized information disclosure or modification of data within the GoAnywhere MFT system. The CVSS scoring indicates high impacts on both confidentiality and integrity, though availability is not affected (Fortra Advisory).

The recommended mitigation is to upgrade to GoAnywhere MFT version 7.6.0 or higher (Fortra Advisory).