#deserialization-vulnerability
#deserialization-vulnerability

Medusa-linked attackers exploited a critical deserialization flaw in Fortra's GoAnywhere MFT (CVE-2025-10035) to enable code execution, deploy RMM tools, and maintain persistence.

Information security

fromSecurityWeek

2 weeks ago

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

A critical deserialization vulnerability in Fortra GoAnywhere MFT (CVE-2025-10035) was exploited in the wild at least eight days before patches were released.

[ Load more ]

#deserialization-vulnerability#deserialization-vulnerability

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

Fortra discloses 10/10 severity bug in GoAnywhere MFT

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

Fortra discloses 10/10 severity bug in GoAnywhere MFT

Microsoft blames Medusa affiliates for GoAnywhere exploits

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

#deserialization-vulnerability
#deserialization-vulnerability