CVE-2025-0049 - CERT CVE
ID CVE-2025-0049
Sažetak When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.
Reference
CVSS
Base: 3.5
Impact: 1.4
Exploitability:2.1
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Zadnje važnije ažuriranje 10-05-2025 - 00:55
Objavljeno 28-04-2025 - 21:15