CVE-2025-8450

Published: Aug 19, 2025Modified: Aug 29, 2025

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Exploitability: 3.9 / Impact: 4.2

Source: df4dee71-de3a-4139-9588-11b62fe6c0ff (Secondary)

Description

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://www.fortra.com/security/advisories/product-security/fi-2025-010

Source: df4dee71-de3a-4139-9588-11b62fe6c0ff

Timeline

No history available yet.