Fortra Releases Update on Critical Severity RCE Flaw

The flaw has a CVSS rating of 9.8, and the company recommends product upgrades to fix the issue.

Fortra this week released an update for
a critical vulnerability
that was initially discovered in August 2023.
Tracked as CVE-2024-25153 with a critical severity CVSS score of 9.8, the vulnerability poses a threat to the companys FileCatalyst file transfer product. Its a type of software that allows for the transfer of large files over remote networks experiencing high latency or packet loss, according to the company.
The vulnerability can be exploited if an unauthenticated threat actor executes arbitrary code remotely on affected servers.
A directory traversal within the ftpservlet of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended uploadtemp directory with a specially crafted POST request,
Fortra said in its advisory
. In situations where a file is successfully uploaded to web portals DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
Though Fortra has been aware of the bug since it was initially reported months ago, it is issuing a CVE now at the request of the individual who reported the vulnerability in the first place.
Fortra reports that products that are affected by this bug are its Fortra FileCatalyst Workflow 5.x software, and it recommends upgrading to the 5.1.6 Build 114 or higher to remediate the issue.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Fortra Releases Update on Critical Severity RCE Flaw