Advisory

Fortra fixes remote code flaw in FileCatalyst file transfer tool

Take action: If you are using Fortra FileCatalyst, patch as soon as possible. Hackers are already well versed in exploiting Fortra products, and with a PoC available, exploits are soon to follow.


Fortra is reporting a critical security flaw in its FileCatalyst file transfer solution that exposes the tool to remote code execution attacks.

The vulnerability, tracked as CVE-2024-25153 (CVSS score 9.8), pertains to a directory traversal issue in the FileCatalyst Workflow's "ftpservlet," which impacts how files are managed within the web portal. Attackers can exploit this vulnerability through a specially crafted POST request to upload files outside the designated "uploadtemp" directory. If an attacker successfully uploads a Java Server Page (JSP) file to the portal's DocumentRoot, they could execute arbitrary code, including web shells, on the server.
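As an added illustration (not Fortra's code; the upload directory, the file-type allow-list and the sample file names are assumptions), here is the unsafe "join the client-supplied name onto the upload directory" pattern the advisory describes, beside a confined version that rejects traversal, including percent-encoded and double-encoded forms, and confirms the resolved path still lies under the upload directory:

```python
import os
from typing import Optional
from urllib.parse import unquote

# Hypothetical upload directory; the advisory names "uploadtemp" but not the install path.
UPLOAD_ROOT = "/srv/filecatalyst/uploadtemp"
# Assumed allow-list for a workflow upload endpoint; .jsp is deliberately absent.
ALLOWED_EXTENSIONS = {".csv", ".txt", ".zip"}


def naive_target(filename: str) -> str:
    """Vulnerable pattern: trusts the client-supplied name, so '../' walks out of UPLOAD_ROOT."""
    return os.path.normpath(os.path.join(UPLOAD_ROOT, filename))


def safe_target(filename: str) -> Optional[str]:
    """Return the on-disk path for an upload, or None if the name must be rejected."""
    # Decode twice so double-encoded sequences such as %252e%252e are seen as '..'.
    decoded = unquote(unquote(filename))
    # Reject anything that is not a bare file name: separators, '..' and NUL bytes.
    if not decoded or decoded in (".", ".."):
        return None
    if "/" in decoded or "\\" in decoded or ".." in decoded or "\x00" in decoded:
        return None
    # Enforce the extension allow-list so executable content (e.g. JSP) is never written.
    if os.path.splitext(decoded)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    # Final containment check on the resolved path (catches symlink tricks too).
    root = os.path.realpath(UPLOAD_ROOT)
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample names: one traversal attempt, one harmless upload.
    for name in ("../../webapps/ROOT/shell.jsp", "%252e%252e%2fshell.jsp", "report.csv"):
        print(f"{name!r}: naive={naive_target(name)} safe={safe_target(name)}")
```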

This security flaw was first identified on August 9, 2023, and Fortra responded by patching the issue in FileCatalyst Workflow version 5.1.6 Build 114 just two days later. A full proof-of-concept (PoC) exploit has been published as well.

In January 2024, Fortra patched additional vulnerabilities in FileCatalyst Direct—CVE-2024-25154 and CVE-2024-25155—addressing potential information leakage and code execution risks.

Fortra reports that they aren't aware of any real-world exploitation. However, given the previous exploitation of vulnerabilities in Fortra's GoAnywhere managed file transfer solution by cybercriminals, users are advised to patch their Fortra products as soon as possible.
