A critical vulnerability in Fortra GoAnywhere MFT was exploited by the Chinese ransomware group Storm-1175, leading to remote code execution and data breaches. Despite patches being released weeks ago, the exploitation has continued, highlighting ongoing security challenges with zero-day vulnerabilities. #CVE202510035 #Storm1175
Keypoints
- The CVE-2025-10035 vulnerability in Fortra GoAnywhere MFT was exploited as a zero-day shortly after disclosure.
- Threat actors used forged license signatures and deployed remote monitoring tools to achieve RCE.
- Storm-1175 has been actively targeting internet-facing instances since September 11, 2024.
- Successful exploitation depends on access to a private “serverkey1” key, whose source remains unclear.
- Organizations are urged to update security protocols and follow Fortra’s advisories to mitigate ongoing risks.
Read More: https://www.securityweek.com/fortra-goanywhere-mft-zero-day-exploited-in-ransomware-attacks/