Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability

Fortra has revealed a critical security flaw in its GoAnywhere MFT software that could enable command execution if exploited. Cybersecurity experts warn that the vulnerability, similar to previous flaws exploited by ransomware groups, could soon be targeted in the wild. #CVE-2025-10035 #LockBit

Key Points

  • Fortra’s GoAnywhere MFT has a critical vulnerability (CVE-2025-10035, CVSS 10.0) allowing command injection.
  • The flaw involves deserialization in the License Servlet, exploitable via forged license responses.
  • Exploitation requires the system to be publicly accessible over the internet.
  • Previous vulnerabilities in the same product have been exploited by ransomware and APT groups.
  • Organizations are urged to update to patched versions 7.8.4 or 7.6.3 immediately and restrict external access.

Read More: https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.html