- CVE-2025-10035 is a critical deserialization flaw in GoAnywhere MFT
- Fortra urges users to patch immediately; no confirmed in-the-wild exploitation yet
- Vulnerability may allow command injection if systems are exposed to the internet
A critical-severity vulnerability was recently discovered in Fortra’s GoAnywhere MFT, with users urged to apply the fix as soon as possible.
GoAnywhere MFT is a tool that helps businesses send and receive files securely, designed to protect data during transfers, automate file-sharing tasks, and work with both cloud and on-prem systems.
In early 2023, the Cl0p ransomware group found a zero-day in the tool, and used it to attack more than 130 companies, including big names like Procter & Gamble and Hitachi Energy. Although Fortra quickly released a patch, many companies didn’t update in time, which allowed Cl0p to steal sensitive data such as personal and business information, and then use it to extort the victims for money.
Upgrading the software
This time around, there is no word of in-the-wild abuse, but Fortra did say that it discovered the bug “during a security check”.
The flaw is described as a deserialization vulnerability in the License Servlet of Fortra’s GoAnywhere MFT, allowing threat actors with a validly forged license response signature to deserialize an arbitrary actor-controlled object, “possibly leading to command injection.”
The bug is now tracked as CVE-2025-10035, and has a severity score of 10/10 (critical). It was fixed in GoAnywhere MFT 7.8.4 and Sustain Release 7.6.3, and users are advised to upgrade their software to the newest versions as soon as possible.
“Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet,” Fortra stressed.
Besides patching the flaw, GoAnywhere MFT users are also advised to monitor their Admin Audit logs for suspicious activity, and the log files for errors containing SignedObject.getObject: “If this string is present in an exception stack trace (similar to the following), then the instance was likely affected by this vulnerability.”
More details, as well as IoCs, can be found on this link.
Via BleepingComputer
You might also like
