Vulnerability DatabaseCVE-2025-8148

CVE-2025-8148:
GoAnywhere MFT vulnerability analysis and mitigation

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.

Source: NVD

Related GoAnywhere MFT vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-10035	CRITICAL	9.8	GoAnywhere MFT	cpe:2.3:a:fortra:goanywhere_managed_file_transfer	Yes	Yes	Sep 18, 2025
CVE-2024-11922	MEDIUM	5.4	GoAnywhere MFT	cpe:2.3:a:fortra:goanywhere_managed_file_transfer	No	Yes	Apr 28, 2025
CVE-2025-3871	MEDIUM	5.3	GoAnywhere MFT	cpe:2.3:a:fortra:goanywhere_managed_file_transfer	No	Yes	Jul 16, 2025
CVE-2025-0049	MEDIUM	4.3	GoAnywhere MFT	cpe:2.3:a:fortra:goanywhere_managed_file_transfer	No	Yes	Apr 28, 2025
CVE-2025-8148	MEDIUM	4.2	GoAnywhere MFT	cpe:2.3:a:fortra:goanywhere_managed_file_transfer	No	Yes	Dec 05, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-8148: GoAnywhere MFT vulnerability analysis and mitigation