Fortra has issued patches for a critical vulnerability in their GoAnywhere MFT software that could allow attackers to execute remote commands. Despite no evidence of active exploitation, the flaw poses a significant threat to exposed systems, especially given the history of previous exploits against Fortra products. #CVE202510035 #GoAnywhereMFT
Keypoints
- Fortra released security patches for a critical deserialization vulnerability in GoAnywhere MFT.
- The vulnerability can be exploited by forging license responses to achieve command injection.
- Unpatched systems with public access are at higher risk of remote code execution.
- Monitoring admin logs for suspicious activity is recommended to detect potential exploitation.
- Previous incidents involve Cl0p ransomware operators exploiting Fortra vulnerabilities in 2023.
Read More: https://www.securityweek.com/fortra-patches-critical-goanywhere-mft-vulnerability/