#active-exploitation

[ follow ]
#cve-2025-10035 #fortra-goanywhere #deserialization-vulnerability #command-injection #citrix-netscaler
Information security
fromThe Hacker News
1 week ago

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and was actively exploited in the wild by at least September 10, 2025.
fromComputerWeekly.com
1 month ago

Three new Citrix NetScaler zero-days under active exploitation | Computer Weekly

Citrix has issued patches in order to fix three newly-designated common vulnerabilities and exposures (CVEs) in the widely used NetScaler Application Delivery Controller (ADC) and NetScaler Gateway lines. The trio of bugs, which are tracked as CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 are, respectively, a memory overflow vulnerability that leads either to pre-authentication remote code execution (RCE) or denial of service (DoS), or both.
Information security
[ Load more ]