
Critical Vulnerability in Fortra FileCatalyst Workflow Allows Remote Code Execution

A critical vulnerability, identified as CVE-2024-25153, was discovered in Fortra FileCatalyst Workflow. It allowed remote attackers to execute arbitrary code. The cause was a directory traversal bug in the FileCatalyst Workflow web portal, which enabled attackers to download files outside the intended temporary directory using POST requests. The flaw was discovered in August 2023 and was corrected in FileCatalyst Workflow version 5.1.6 Build 114.

Fortra, a CVE numbering authority since December 2023, assigned CVE-2024-25153 to the vulnerability and coordinated its public disclosure with Nettitude security researcher Tom Wedgbury, who identified the flaw. Wedgbury published Proof-of-Concept (PoC) code and a technical report detailing how an attacker could exploit the bug to download a web shell and execute system commands. Fortra warns that attackers can exploit this vulnerability to download and execute web shells.

SOCRadar, a cybersecurity firm, has warned that threat actors may use the PoC code; the latest patch addresses the flaw. To mitigate the risk of attacks on vulnerable systems, it is imperative that organizations update to the latest patched version of FileCatalyst Workflow as soon as possible.
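To act on the update advice above, the following added example (not code from Fortra, Nettitude or SOCRadar) triages an asset inventory against the fixed release the article names, 5.1.6 Build 114. The version-string format, the host names and the sample inventory are assumptions constructed for illustration, as is treating every release after 5.1.6 as carrying the fix.

```python
import re

# Fixed release named in the article: FileCatalyst Workflow 5.1.6 Build 114.
FIXED = (5, 1, 6, 114)

# Assumed format, modelled on how the article writes the version ("5.1.6 Build 114").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\s+Build\s+(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch, build); build is None if absent. None if no match."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    build = int(m.group(4)) if m.group(4) else None
    return (major, minor, patch, build)

def classify(text):
    """Classify a recorded version string as 'patched', 'unpatched' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    release, build = v[:3], v[3]
    if release != FIXED[:3]:
        # Assumption: releases after 5.1.6 carry the fix, earlier ones predate it.
        return "patched" if release > FIXED[:3] else "unpatched"
    # Same release as the fix: only the build number can decide.
    if build is None:
        return "unknown"
    return "patched" if build >= FIXED[3] else "unpatched"

def triage(inventory):
    """Map host -> status, so unknowns are checked by hand rather than skipped."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "mft-01.example.internal": "FileCatalyst Workflow 5.1.6 Build 114",
    "mft-02.example.internal": "5.1.6 Build 112",
    "mft-03.example.internal": "5.0.4 Build 97",
    "mft-04.example.internal": "5.1.6",
    "mft-05.example.internal": "version not recorded",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A record that lists 5.1.6 without a build number is reported as unknown rather than patched, because the fix landed in a specific build of that release.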

Fortra, the company responsible for FileCatalyst, has addressed a high severity bug and a medium severity bug in the latest release of FileCatalyst Direct 3.8.9, which could result in arbitrary code execution and information disclosure, respectively. Furthermore, they have fixed a medium severity flaw that leads to information disclosure in the latest release of GoAnywhere MFT 7.4.2. Although Fortra has not reported any instances of these vulnerabilities being exploited, it is crucial to acknowledge that past security flaws in their products have been targeted in attacks.

Please refer to Fortra's product security page for more information.

