A third vulnerability also patched in version 8.1.0.16 was an information disclosure flaw. This issue allowed a remote attacker to determine the serial number of the hard drive on which the Globalscape EFT was installed by sending a "trial extension request" message to the administration server. While less severe than an authentication bypass, this information disclosure could provide an attacker with valuable data for future, more targeted attacks.
Underlying encryption layer vulnerabilities inherited from legacy cryptographic dependencies. by upgrading to OpenSSL v3.6.1 in March 2026.
When you have an active Maintenance and Support Plan, you can update to the next version for free. globalscape terms patched
In short, the patch closes a logic-bypass vulnerability that could let a bad actor rewrite your security rules from within.
: Globalscape stops marketing or distributing a specific version. This typically starts when the next major version is released. End of Support Life (EOSL) A third vulnerability also patched in version 8
Over the years, several critical vulnerabilities have targeted GlobalScape EFT platforms. Examining how these vulnerabilities work highlights the importance of keeping patches up to date. 1. The CVE-2019-12181 Directory Traversal Patch
Password-based attacks remain a primary vector for unauthorized access. Enforce MFA for all administrative accounts and external user portals accessing the Globalscape infrastructure. Conclusion In short, the patch closes a logic-bypass vulnerability
One of the most notable vulnerabilities patched in Globalscape EFT involved an insecure deserialization flaw. In software development, serialization converts complex data structures into a format that can be easily stored or transmitted. Deserialization reverses this process.
This vulnerability—sometimes referred to as the “Recursive Deflate Stream DoS” issue—allows an to cause the EFT service to stop responding by sending a specially crafted packet. The vulnerability exists due to insufficient validation of user-supplied input when processing recursive Deflate Streams.
Globalscape EFT patches address both critical security vulnerabilities, such as CVE-2025-15467 with OpenSSL v3.6.1 [10] and CVE-2023-2989 [3], as well as compliance configurations like enabling pre-login Terms of Service [9]. The company's Master Service Agreement grants them the right to amend policies, which are effective immediately upon posting to their EOL Policy page [1, 6]. For more information, visit the Globalscape End of Life Policy and Master Service Agreement pages.