
"Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency. The experts over at watchTowr, never ones to mince their words, described the revelation as 'an increasingly disappointing situation,' criticizing Fortra for not sharing enough details about the exploitation status of CVE-2025-10035. The Register reported on the vulnerability last week after Fortra disclosed it on September 18."
"The watchTowr researchers Xeeted that it was likely that exploits had already been successful, and in their latest blog they said that they received evidence of attacks using the vulnerability on September 10. According to watchTowr's findings, attackers trigger the pre-auth deserialization bug to achieve remote code execution (RCE) capability, then create backdoor admin accounts and web users before executing multiple follow-on payloads."
"'Unfortunately, the picture now painted allows for evidence-based confidence in the concern that Fortra's "Am I Impacted?" section probably was not Fortra attempting to be overly helpful, but a thinly veiled way of sharing "Indicators of Compromise,"' the researchers wrote. They went on to say that, after discovering attacks began eight days prior to Fortra's advisory, researchers have concluded that defenders are at greater risk because they now have to trawl through even more logs to ensure their systems' safety."
Threat actors exploited the maximum-severity vulnerability CVE-2025-10035 in Fortra's GoAnywhere managed file transfer (MFT). Evidence indicates attacks began on September 10, eight days before Fortra's September 18 disclosure. Attackers triggered a pre-authentication deserialization flaw to achieve remote code execution, then created backdoor administrative and web user accounts and deployed follow-on payloads. Fortra's advisory noted that exposure depends on whether the admin console is reachable from the internet but did not confirm active exploitation. watchTowr criticized the vendor's limited transparency and warned that defenders now face a wider window to search: logs must be reviewed from at least September 10, not just from the disclosure date, for indicators of compromise and impacted systems.
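The practical consequence of the eight-day gap is that a log review anchored on the advisory date misses the earliest intrusions. The following added example (not code from The Register, watchTowr or Fortra) triages constructed audit records for the post-exploitation pattern the researchers describe: a backdoor admin account created in the exploitation window, which then creates further web users. The record shape (`ts`, `action`, `role`, `actor`, `target`) and the sample events are assumptions made for illustration and are not GoAnywhere's real audit log schema; the dates are the only facts taken from the article.

```python
"""Added example: triage constructed audit records for backdoor account
creation, comparing a search window that starts at the advisory date with
one that starts at the earliest known exploitation date.

The record format is an assumption for illustration only; it is not
GoAnywhere's real audit log schema.
"""
from datetime import date

# Dates reported in the article.
EARLIEST_KNOWN_EXPLOITATION = date(2025, 9, 10)
ADVISORY_DATE = date(2025, 9, 18)

# Constructed sample records (assumption: one dict per audit event).
SAMPLE_EVENTS = [
    {"ts": "2025-09-08", "action": "user.create", "role": "web",
     "actor": "admin", "target": "partner01"},
    {"ts": "2025-09-11", "action": "user.create", "role": "admin",
     "actor": "system", "target": "svc_backup"},
    {"ts": "2025-09-14", "action": "user.create", "role": "web",
     "actor": "svc_backup", "target": "tmp_user"},
    {"ts": "2025-09-19", "action": "user.create", "role": "admin",
     "actor": "admin", "target": "j.doe"},
    {"ts": "2025-09-20", "action": "login", "role": "admin",
     "actor": "svc_backup", "target": ""},
]


def account_creations(events, start, end=None):
    """Return (target, role, ts) for every account-creation event whose
    timestamp falls on or after `start` (and on or before `end`, if given)."""
    found = []
    for e in events:
        if e["action"] != "user.create":
            continue
        ts = date.fromisoformat(e["ts"])
        if ts < start or (end is not None and ts > end):
            continue
        found.append((e["target"], e["role"], e["ts"]))
    return found


def chained_creations(events, start):
    """Flag accounts created, within the window, by an account that was
    itself created within the window: the 'backdoor admin then creates
    web users' chain described by the researchers."""
    created = {target for target, _, _ in account_creations(events, start)}
    return sorted(
        e["target"]
        for e in events
        if e["action"] == "user.create"
        and e["actor"] in created
        and date.fromisoformat(e["ts"]) >= start
    )


if __name__ == "__main__":
    for label, start in (("advisory date", ADVISORY_DATE),
                         ("earliest exploitation", EARLIEST_KNOWN_EXPLOITATION)):
        print(f"window from {label} ({start}):")
        for target, role, ts in account_creations(SAMPLE_EVENTS, start):
            print(f"  {ts} created {role} account {target}")
        print(f"  chained creations: {chained_creations(SAMPLE_EVENTS, start)}")
```

Run against the constructed events, the advisory-date window returns only the legitimate `j.doe` creation and no chain, while the window starting on September 10 surfaces `svc_backup` and the `tmp_user` it created. Whatever the real log schema, the check that matters is the same: start the window at the earliest evidence of exploitation, then look for accounts created by accounts that were themselves created in that window.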
Read at Theregister