"FileCatalyst Transfer Tool Receives Critical RCE Vulnerability Patch from Fortra"
Originally Published 1 year ago — by The Hacker News

Fortra has patched a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-25153, in its FileCatalyst file transfer solution. The flaw could allow unauthenticated attackers to upload files outside the intended directory and execute code. It was reported in August 2023 and addressed in FileCatalyst Workflow version 5.1.6 Build 114. Two other security vulnerabilities in FileCatalyst Direct (CVE-2024-25154 and CVE-2024-25155) were also resolved. Users are advised to apply the necessary updates to mitigate potential threats, especially in light of previous exploitation of Fortra's managed file transfer solution by threat actors.