CVE-2025-1241

MEDIUM NVD

CVSS Score 5.8

Severity MEDIUM

Published Apr 21, 2026

Vendor unknown

Description

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.

References

https://fortra.com/security/advisories/product-security/FI-2026-001