Fortra mitigated a significant directory traversal vulnerability known as "Zip Slip" that could occur during compression or decompression within EFT .
Recent patch cycles have addressed severe vulnerabilities that challenged the integrity of the software. The phrase "Globalscape terms patched" refers specifically to the resolution of a chain of vulnerabilities, including a deserialization issue and an authentication bypass, which collectively allowed threat actors to take control of unpatched servers. This paper aims to dissect these security updates to inform system administrators and security professionals of the criticality of immediate patching.
What is your organization currently running?
To ensure your Globalscape instance is fully patched according to the Globalscape Knowledge Base , users should: globalscape terms patched
function show_alert() do var r = confirm("INSERT YOUR ENTERPRISE TERMS OF SERVICE HERE."); if (r != true) alert("You must press 'OK' to continue"); while (r != true); Use code with caution.
The primary fix involved correcting how the application handled the "Terms" fields.
Always test new patches in a non-production staging environment to ensure compatibility with existing workflows and scripts. This paper aims to dissect these security updates
When your vulnerability scanner or vendor notification reads treat it with high priority. This is not a minor UI text change or a superficial license update. It is a fundamental reinforcement of the rules that separate authorized users from threat actors.
Unpatched systems are easy targets for attackers looking to exploit known vulnerabilities like CVE-2025-15467.
Directory traversal (or path traversal) is an exploit where an attacker manipulates file paths to access files and directories stored outside the intended web root folder. The primary fix involved correcting how the application
: In March 2026, Globalscape released EFT version 8.3.2.568 , which specifically patched this OpenSSL vulnerability by upgrading the library to version 3.6.1.
An additional issue was identified where a default configuration could lead to password leakage. This was also addressed in the same update.