all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2024-25153: Remote Code Execution in Fortra FileCatalyst

Add to bookmarks
March 13, 2024, 2:40 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

CVE-2024-25153, a critical Unsafe File Upload and Directory Traversal vulnerability in Fortra FileCatalyst, allows a remote unauthenticated attacker to gain Remote Code Execution (RCE) on a web server. This affects Fortra FileCatalyst Workflow 5.x before 5.1.6 Build 114.


We have created a full proof-of-concept exploit for this vulnerability, which can be found at GitHub below.


 GitHub: https://github.com/nettitude/CVE-2024-25153


Fortra FileCatalyst is an enterprise managed file transfer (MFT) solution which consists of several components – FileCatalyst Direct, Workflow, and Central. …

attacker build can code code execution concept critical cve directory directory traversal exploit file file upload forensics fortra found proof proof-of-concept rce remote code remote code execution server unauthenticated upload vulnerability web web server workflow

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

New Redline Version: Uses Lua Bytecode, Propagates Through GitHub 8 hours ago | malware.news
bytecode code detect found +12
Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 20 hours ago | malware.news
acquisition article cybersecurity darktrace +5
Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 21 hours ago | malware.news
amp and response april arctic +20
CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 21 hours ago | malware.news
april avalanche components critical +19
Showcasing Artwork by Max for Autism Awareness Month 21 hours ago | malware.news
art article artwork autism +6
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 22 hours ago | malware.news
article cisco deepfakes flowmon +6
Kaiser Permanente notifies 13.4M patients of potential data exposure 22 hours ago | malware.news
apps article data data exposure +16
Impact of organizational structure on ransomware outcomes: Where does your org fit in? 22 hours ago | malware.news
article challenges core security detection +15
VA is warning veterans about Change Healthcare cyberattack, secretary says 23 hours ago | malware.news
alerting article attack change +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
View on infosec-jobs.com

Invoice Compliance Reviewer

@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
View on infosec-jobs.com

Technical Program Manager II - Compliance

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence

@ Moonshot | Washington, District of Columbia, United States
View on infosec-jobs.com

Customer Engineer, Security, Public Sector

@ Google | Virginia, USA; Illinois, USA
View on infosec-jobs.com
View more jobs