Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-8450
PUBLISHED
More InfoOfficial Page
Assigner-Fortra
Assigner Org ID-df4dee71-de3a-4139-9588-11b62fe6c0ff
View Known Exploited Vulnerability (KEV) details
Published At-19 Aug, 2025 | 18:01
Updated At-29 Aug, 2025 | 20:09
Rejected At-
▼CVE Numbering Authority (CNA)
Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.

Affected Products
Vendor
Fortra LLCFortra
Product
FileCatalyst
Platforms
  • Windows
  • MacOS
  • Linux
Default Status
unaffected
Versions
Affected
  • From 5.1.6 through 5.2.0 Build 80 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
CWECWE-306CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-563CAPEC-563 Add Malicious File to Shared Webroot
CAPEC-650CAPEC-650 Upload a Web Shell to a Web Server
Solutions

Update to the latest version of FileCatalyst, Version 5.2.0 - Build 130

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.fortra.com/security/advisories/product-security/fi-2025-010
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found