- 189/2025
- High
Fortra has released security updates to fix several vulnerabilities affecting multiple Fortra products.
The addressed vulnerabilities could allow the attacker to perform a denial of service attack, obtain sensitive information, gain elevated privileges, conduct cross-site scripting attacks, or execute arbitrary commands/codes, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
Fortra FileCatalyst Unrestricted File Upload Vulnerability (CVE-2025-8450):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Sample of the affected products:
- FortraFileCatalyt version 5.1.6 through 5.2.0.
- Fortra GoAnywhere MFT version 7.8.0 and earlier.
- Fortra’s Core Privileged Access Manager (BoKS) versions 7.2.0 to 7.2.0.17.
Vulnerabilities
- CVE-2025-8450
- CVE-2025-3871
- CVE-2025-5141
- CVE-2025-33108
- CVE-2024-11922
- CVE-2025-0049
- CVE-2024-11923
- CVE-2024-55897
- CVE-2024-55896
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.