Proof-of-concept exploit code for a critical RCE vulnerability in Fortra's FileCatalyst MFT solution has been published.
Fortra FileCatalyst is an enterprise managed file transfer software solution that includes several components: FileCatalyst Direct, Workflow, and Central.
CVE-2024-25153 is a directory traversal vulnerability in FileCatalyst Workflow's web portal that could allow a remote authenticated threat actor to execute arbitrary code on vulnerable servers.
The vulnerability was first discovered in August 2023 and patched a few days later in FileCatalyst version 5.1.6 Build 114, but it had no CVE identifier at the time.
The identifier was assigned after Fortra became a CVE Numbering Authority in December 2023.
The company and Tom Wedgbury, the security researcher who discovered and reported the flaw, planned its coordinated disclosure for March 2024.
Fortra's security advisory and Wedgbury's blog post with technical details and the PoC were published on Wednesday.
There are currently no indications of the vulnerability being exploited in the wild, but organizations are nevertheless advised to apply the available patch.
When a PoC for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT solution was recently made public, exploit attempts began soon after.
In late January 2023, the Cl0p ransomware group leveraged a zero-day vulnerability in the same solution and stole data from over 130 victim organizations.
Published on www.helpnetsecurity.com. Publication date: Tue, 19 Mar 2024 12:13:04 +0000