A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
Metrics
Affected Vendors & Products
Fixes
Solution
Upgrade to FileCatalyst 5.1.6 Build 114 or later to remediate this issue.
Workaround
No workaround given by the vendor.
References
History
Fri, 19 Sep 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fortra filecatalyst
|
|
CPEs | cpe:2.3:a:fortra:filecatalyst:5.1.4:*:*:*:*:*:*:* | |
Vendors & Products |
Fortra filecatalyst
|
|
References |
| |
Metrics |
ssvc
|
Tue, 21 Jan 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fortra
Fortra filecatalyst Workflow |
|
Weaknesses | CWE-668 | |
CPEs | cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:* cpe:2.3:a:fortra:filecatalyst_workflow:5.1.6:build112:*:*:*:*:*:* |
|
Vendors & Products |
Fortra
Fortra filecatalyst Workflow |

Status: PUBLISHED
Assigner: Fortra
Published:
Updated: 2025-09-19T12:46:03.155Z
Reserved: 2024-02-06T21:23:57.924Z
Link: CVE-2024-25153

Updated: 2024-08-01T23:36:21.630Z

Status : Modified
Published: 2024-03-13T15:15:50.913
Modified: 2025-09-19T13:15:42.337
Link: CVE-2024-25153

No data.

No data.