Improper Restriction of Excessive Authentication Attempts in GoAnywhere MFT - CVE-2025-14362

 


Published: June 19, 2026


Vulnerability identifier: #VU134964
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-14362
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortra
Affected software: GoAnywhere MFT

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass login attempt restrictions and guess an SSH key.

The vulnerability exists due to improper restriction of excessive authentication attempts in the SFTP service login mechanism when processing login attempts for a web user configured to authenticate with an SSH key. A remote attacker can send repeated authentication attempts to bypass login attempt restrictions and guess an SSH key.

Only web users configured to log in with an SSH key are affected.
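
The advisory does not say how the restriction is bypassed, so the following is an added illustration of the CWE-307 control itself and is not Fortra's code. It assumes, purely for illustration, a limiter whose failure counter ignores `publickey` failures, set beside one that counts every method; `AttemptLimiter`, `counted_methods` and `evaluated_attempts` are hypothetical names.

```python
from collections import defaultdict, deque


class AttemptLimiter:
    """Per-account sliding-window lockout (illustrative; not GoAnywhere MFT code)."""

    def __init__(self, max_failures=5, window=300, lockout=900,
                 counted_methods=("password", "publickey")):
        self.max_failures = max_failures
        self.window = window            # seconds over which failures are counted
        self.lockout = lockout          # seconds an account stays locked
        self.counted = set(counted_methods)
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> time the lock expires

    def allowed(self, user, now):
        """True if an authentication attempt may be evaluated at time `now`."""
        return now >= self.locked_until.get(user, 0)

    def record(self, user, method, success, now):
        """Record the outcome of an attempt that was evaluated."""
        if success:
            self.failures.pop(user, None)
            return
        if method not in self.counted:
            return  # assumed gap: failures of this method never reach the counter
        q = self.failures[user]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()                 # forget failures older than the window
        if len(q) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            q.clear()


def evaluated_attempts(limiter, user, method, attempts, interval=1):
    """Feed `attempts` failed logins, one every `interval` seconds, and return
    how many the server actually evaluated (guesses the client was granted)."""
    evaluated = 0
    for i in range(attempts):
        now = i * interval
        if limiter.allowed(user, now):
            limiter.record(user, method, False, now)
            evaluated += 1
    return evaluated
```

With the default settings, a limiter that counts all methods evaluates only the first five failed key attempts before locking the account, while one built with `counted_methods=("password",)` evaluates every key attempt it is sent.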


How to mitigate CVE-2025-14362

Install the security update from the vendor's website.
