CVE-2025-3871 – Fortra GoAnywhere MFT Authentication Bypass Denial of Service

CVE ID : CVE-2025-3871

Published : July 16, 2025, 2:15 p.m. | 20 minutes ago

Description : Broken access control in Fortra’s GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has configured GOTP.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…