Fortra has recently addressed a critical vulnerability in its GoAnywhere Managed File Transfer (MFT) software. Users are strongly encouraged to apply the necessary patches without delay, as attackers have shown considerable skill in exploiting vulnerabilities related to MFT systems.
Overview of the GoAnywhere MFT Vulnerability
The identified flaw, designated as CVE-2025-10035, carries a maximum severity rating of 10.0 according to the CVSS v3.1 standards. Fortra made this information public in a security advisory issued on September 18. This vulnerability relates specifically to a deserialization issue within the GoAnywhere MFT’s License Servlet, which could potentially result in command injection.
Nature of the Vulnerability
According to Fortra, the vulnerability enables an unauthorized actor, equipped with a fabricated license response signature, to deserialize any object controlled by the attacker. Deserializing such an object could ultimately pave the way for command injection attacks, putting organizations at risk.
Recommended Actions for Users
Fortra is advising users to upgrade their software to one of the patched versions, specifically 7.8.4 or Sustain Release 7.6.3. Additionally, it is crucial to restrict public access to the GoAnywhere Admin Console. The likelihood of exploitation significantly increases if systems are exposed to the internet, emphasizing the importance of safeguarding these entry points.
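The two recommendations above (patched version, no public Admin Console) can be combined into a quick inventory triage. This is an added example, not Fortra's tooling; the CSV columns, the hostnames and the treatment of 7.6.x as the Sustain Release branch are assumptions.

```python
# Added example: triage a GoAnywhere MFT inventory for CVE-2025-10035.
import csv
import io

FIXED_MAIN = (7, 8, 4)      # patched release named in the advisory
FIXED_SUSTAIN = (7, 6, 3)   # patched Sustain Release named in the advisory

# Constructed sample inventory (hostnames and values are made up).
SAMPLE_INVENTORY = """host,version,admin_console_public
mft-prod-01,7.8.3,yes
mft-prod-02,7.8.4,yes
mft-dr-01,7.6.2,no
mft-legacy,7.6.3,no
mft-test,7.7.1,yes
mft-unknown,unknown,no
"""

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not N.N.N."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_patched(version):
    """Assumption: 7.6.x is the sustain branch; other branches need >= 7.8.4."""
    if version[:2] == FIXED_SUSTAIN[:2]:
        return version >= FIXED_SUSTAIN
    return version >= FIXED_MAIN

def triage(inventory_csv):
    """Map each host to a priority label based on version and console exposure."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["version"])
        exposed = row["admin_console_public"].strip().lower() == "yes"
        if version is None:
            label = "verify-version"          # unparseable: check by hand
        elif is_patched(version):
            label = "restrict-console" if exposed else "ok"
        else:
            label = "patch-now-exposed" if exposed else "patch"
        results[row["host"]] = label
    return results

if __name__ == "__main__":
    for host, label in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {label}")
```

A patched host with a public Admin Console is still flagged, since the advisory treats restricting console access as a separate step from upgrading.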
Understanding MFT Vulnerabilities in Context
The exploitation of vulnerabilities in MFT systems has become alarmingly common in recent years, making CVE-2025-10035 a pressing concern for security professionals. Earlier vulnerabilities, such as CVE-2023-0669, had already been targeted by groups like CL0P and LockBit, highlighting a pattern of aggressive attacks on MFT platforms.
Insights from Security Experts
Ryan Dewhurst, head of proactive threat intelligence at watchTowr Security, remarked that the new vulnerability follows a similar pathway to the previously exploited CVE-2023-0669, which many ransomware and APT groups leveraged last year. He emphasized that numerous GoAnywhere MFT instances are publicly accessible, making them potential targets for imminent exploitation in the wild. Dewhurst noted that while successful exploitation requires external exposure, MFT systems are generally designed to be internet-facing, placing them at increased risk.
Threat Groups and Their Tactics
The CL0P ransomware group serves as a prime example of how effectively MFT vulnerabilities can be exploited. In a notable instance earlier this year, CL0P’s attacks on Cleo MFT vulnerabilities resulted in a surge of ransomware incidents. This group has also actively targeted GoAnywhere MFT, MOVEit Transfer, and Accellion FTA vulnerabilities, underlining the perils that such threats pose.
Urgency of Patching and Mitigations
Considering the troubling history of attacks aimed at managed file transfer vulnerabilities, it is essential for GoAnywhere MFT users to promptly address CVE-2025-10035. Applying patches and enhancing security measures can help mitigate the risks associated with this vulnerability. The current landscape indicates that threat actors may soon capitalize on this flaw, making immediate action imperative for organizations using the GoAnywhere MFT software.