{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mft/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2025-14362"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["goanywhere","mft","bruteforce","ssh"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2025-14362 is a vulnerability affecting Fortra\u0026rsquo;s GoAnywhere MFT servers prior to version 7.10.0. The vulnerability arises because the login limit is not enforced on the SFTP service when a Web User is configured to authenticate using an SSH key. This lack of enforcement allows attackers to conduct brute-force attacks against the SSH key, attempting to guess the key through repeated authentication attempts. Successful exploitation grants unauthorized access to the GoAnywhere MFT server, potentially leading to data breaches, system compromise, and other malicious activities. Defenders should prioritize patching vulnerable GoAnywhere MFT instances to version 7.10.0 or later.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a GoAnywhere MFT server running a version prior to 7.10.0.\u003c/li\u003e\n\u003cli\u003eAttacker determines that the GoAnywhere MFT server allows Web Users to authenticate using SSH keys.\u003c/li\u003e\n\u003cli\u003eAttacker attempts to authenticate to the SFTP service using a series of generated SSH keys.\u003c/li\u003e\n\u003cli\u003eDue to the lack of login limit enforcement, the attacker can make unlimited authentication attempts without being locked out.\u003c/li\u003e\n\u003cli\u003eThe attacker continues brute-forcing SSH keys until a valid key is guessed, or an exploitable weakness is found.\u003c/li\u003e\n\u003cli\u003eUpon successful authentication, the attacker gains unauthorized access to the GoAnywhere MFT server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then upload/download arbitrary files, execute commands, and potentially move laterally within the network.\u003c/li\u003e\n\u003cli\u003eThe final objective is to exfiltrate sensitive data or establish a persistent foothold within the target environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-14362 can lead to unauthorized access to sensitive data managed by the GoAnywhere MFT server. This could include financial records, customer data, intellectual property, and other confidential information. The number of victims is dependent on the exposure of vulnerable GoAnywhere MFT servers. Sectors commonly using MFT solutions, such as finance, healthcare, and government, are at increased risk. The impact of a successful attack can range from data breaches and financial loss to reputational damage and legal liabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Fortra GoAnywhere MFT to version 7.10.0 or later to patch CVE-2025-14362 (reference: Overview).\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on SSH authentication attempts at the network or host level to mitigate brute-force attacks, even after patching (reference: Attack Chain).\u003c/li\u003e\n\u003cli\u003eMonitor SFTP logs for excessive failed authentication attempts originating from the same source IP address using a Sigma rule similar to the one provided below (reference: Rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-goanywhere-bruteforce/","summary":"Fortra's GoAnywhere MFT prior to 7.10.0 is vulnerable to brute-force attacks on SSH keys because the login limit is not enforced on the SFTP service when Web Users are configured to log in with an SSH Key.","title":"Fortra GoAnywhere MFT SSH Key Brute-Force Vulnerability (CVE-2025-14362)","url":"https://feed.craftedsignal.io/briefs/2026-04-goanywhere-bruteforce/"}],"language":"en","title":"CraftedSignal Threat Feed — Mft","version":"https://jsonfeed.org/version/1.1"}