GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft

Latest reports suggest the critical GoAnywhere MFT vulnerability CVE-2025-10035, CVSS 10.0 is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately...

Exploit for CVE-2025-10035

CVE-2025-10035 A deserialization vulnerability in the License...

Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability

Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer MFT software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035 , carries a CVSS score of 10.0, indicating maximum severity. "A deserialization...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.6.3 / 7.7.x < 7.8.4 Deserialization (CVE-2025-10035)

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is prior to 7.6.3 or 7.7.x prior to 7.8.4. It is, therefore, affected by a deserialization vulnerability: - A deserialization vulnerability in the License Servlet o...

CVE-2025-10035

creationtimestamp| type| source ---|---|--- 2025-09-18 23:50:19+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115227978540947435 2025-09-19 00:01:52+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lz5kqnimx52q 2025-09-19 12:12:00+00:00| seen|...