
"Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious activity" related to the flaw."
"A hotfix for versions 7.6.x, 7.7.x, and 7.8.x of the software was made available the next day, with full releases incorporating the patch - versions 7.6.3 and 7.8.4 - made available on September 15. Three days later, a CVE for the vulnerability was formally published, it added. "The scope of the risk of this vulnerability is limited to customers with an admin console exposed to the public internet," Fortra said. "Other web-based components of the GoAnywhere architecture are not affected by this vulnerability.""
Fortra began an investigation on September 11 after a customer reported a potential vulnerability, and that investigation uncovered suspicious activity linked to CVE-2025-10035. The company identified on-premises installations with publicly accessible GoAnywhere admin consoles and alerted law enforcement. A hotfix was issued the next day and patched releases were published on September 15; a CVE was formally published three days later. The vulnerability is a deserialization flaw in the License Servlet that allows unauthenticated command injection and has been exploited by a group tracked as Storm-1175 to deploy Medusa ransomware. Fortra recommends restricting admin console internet access, enabling monitoring, and keeping software updated. Reports indicate a limited number of unauthorized activities and uncertainty about how private keys were obtained.
Read at The Hacker News