GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT's License Servlet, which is tracked as CVE-2025-10035 and has a CVSS score of 10.0. The vulnerability could allow a threat actor with a validly forged license response...

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT's License Servlet, which is tracked as CVE-2025-10035 and has a CVSS score of 10.0. The vulnerability could allow a threat actor with a validly forged license response...

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer MFT software as early as September 10, 2025, a whole week before it was publicly disclosed. "This is not...

VulnCheck KEV: CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

Exploit for CVE-2025-10035

CVE-2025-10035 A deserialization vulnerability in the License...

CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

CVE-2025-10035 - Critical unauthenticated RCE in GoAnywhere MFT

Overview On September 18, 2025, Fortra published an advisory for CVE-2025-10035. This new vulnerability affects GoAnywhere MFT, an enterprise managed file transfer solution, and allows an attacker to achieve unauthenticated remote code execution. GoAnywhere MFT is a file transfer solution that ha...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.6.3 / 7.7.x < 7.8.4 Deserialization (CVE-2025-10035)

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is prior to 7.6.3 or 7.7.x prior to 7.8.4. It is, therefore, affected by a deserialization vulnerability: - A deserialization vulnerability in the License Servlet o...

Vulnerability fixed in Fortra's GoAnywhere MFT

Fortra has fixed a vulnerability in GoAnywhere MFT License Servlet Specifically. The vulnerability is in the deserialization of a controlled object within the License Servlet. An attacker could use a forged license response signature to perform command injection, which could lead to unauthorized...

CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

CVE-2025-10035 Deserialization Vulnerability in GoAnywhere MFT's License Servlet

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

CVE-2025-10035

CVE-2025-10035 – GoAnywhere MFT deserialization flaw in the License Servlet allows an attacker with a forged license response signature to deserialize attacker-controlled data, potentially enabling command injection and remote code execution. Public analyses indicate the vulnerability affects GoA...

EUVD-2025-30225

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

CVE-2025-10035 Deserialization Vulnerability in GoAnywhere MFT's License Servlet

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT that stems from improper deserialization of the License Servlet, which could lead to a command injection attack...

PT-2025-38495

Name of the Vulnerable Software and Affected Versions Fortra GoAnywhere MFT versions prior to 7.8.4 and 7.6.3. Description Fortra GoAnywhere MFT contains a critical deserialization vulnerability in the License Servlet. This allows an attacker with a forged license response signature to deserializ...

CVE-2023-0669

Fortra formerly, HelpSystems GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2...