What is CVE-2025-14362?

CVE-2025-14362 is a high-severity vulnerability in Fortra Goanywhere Mft, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 7.3/10. Published 2026-04-21.

How severe is CVE-2025-14362?

High severity. CVSS v3 base score is 7.3 out of 10.

Vulnerability in Fortra Goanywhere Mft

CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute…

EPSS: 0.001 (17.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Fortra Goanywhere Mft — versions 0

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

fortra.com/security/advisories/product-security/FI-2026-002

Frequently asked questions

What is CVE-2025-14362?: CVE-2025-14362 is a high-severity vulnerability in Fortra Goanywhere Mft, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 7.3/10. Published 2026-04-21.
How severe is CVE-2025-14362?: High severity. CVSS v3 base score is 7.3 out of 10.