CVE-2024-0204 CRITICAL

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT

Vendor Fortra
Product GoAnywhere MFT
Weakness CWE-425 · Forced browsing
Published January 22, 2024
Last update May 30, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Key dates

02Disclosure timeline

January 22, 2024 CVE published
May 30, 2025 Record updated