Concerning vulnerability found in GoAnywhere MFT
Fortra, the developer of the managed file transfer application GoAnywhere MFT, has disclosed a significant vulnerability that has raised concerns among security experts about potential widespread exploitation. On 18 September, Fortra announced CVE-2025-10035, a deserialisation vulnerability in GoAnywhere MFT’s License Servlet that could allow unauthenticated remote code execution. The vulnerability was initially discovered on 11 September, and a patch has already been made available to address the issue. Fortra has advised its customers to ensure that the GoAnywhere Admin Console is not publicly accessible, as the risk of exploitation is heightened for systems exposed to the internet.
While Fortra has stated that it is unaware of any active exploitation of this vulnerability, Stephen Fewer, a security engineer at Rapid7, has indicated that it poses a significant threat. He noted that there is currently no known public exploit code for CVE-2025-10035, and the vendor has not reported any instances of the vulnerability being exploited in the wild. The situation underscores the importance of prompt action by organisations using GoAnywhere MFT to mitigate potential risks associated with this vulnerability.