Hackers are actively exploiting a critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT, leading to remote command execution and backdoor creation. Security researchers have credible evidence of in-the-wild exploitation before the public advisory, emphasizing the urgent need for system updates and mitigations. #CVE-2025-10035 #FortraGoAnywhere #ZeroDayExploit
Key points
- Hackers are exploiting a maximum severity vulnerability in Fortra's GoAnywhere MFT.
- Fortra disclosed the flaw on September 18, 2025, but exploitation began earlier.
- Attackers create backdoor admin accounts and upload secondary payloads for persistent access.
- The vulnerability involves deserialization in the License Servlet allowing command injection without authentication.
- System administrators are advised to update to patched versions and remove public internet exposure of the Admin Console.