#cve-2025-10035

[ follow ]
#goanywhere-mft #deserialization-vulnerability #medusa-ransomware #storm-1175 #remote-code-execution
#goanywhere-mft
more#goanywhere-mft
#fortra-goanywhere
fromThe Hacker News
1 week ago
Information security

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Critical deserialization vulnerability CVE-2025-10035 in Fortra GoAnywhere enabled Storm-1175 to deploy Medusa ransomware via RMM tools, RCE, and lateral movement.
fromThe Hacker News
2 weeks ago
Information security

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and was actively exploited in the wild by at least September 10, 2025.
more#fortra-goanywhere
Information security
fromTheregister
1 week ago

Microsoft blames Medusa affiliates for GoAnywhere exploits

Medusa-linked attackers exploited a critical deserialization flaw in Fortra's GoAnywhere MFT (CVE-2025-10035) to enable code execution, deploy RMM tools, and maintain persistence.
[ Load more ]