Home

Description

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.

PUBLISHED Reserved 2025-07-31 | Published 2025-08-19 | Updated 2025-08-29 | Assigner Fortra




HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

5.1.6
affected

References

www.fortra.com/...ty/advisories/product-security/fi-2025-010

cve.org (CVE-2025-8450)

nvd.nist.gov (CVE-2025-8450)

Download JSON