CVE-2025-0049
LOWDescription
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortra | goanywhere_managed_file_transfer |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-0049? +
How severe is CVE-2025-0049? +
What products are affected by CVE-2025-0049? +
How do I check if I'm vulnerable to CVE-2025-0049? +
Related Vulnerabilities
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google …
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages …
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected …
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not …
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When …
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting …