Fortra has investigated and disclosed a critical vulnerability, CVE-2025-10035, in GoAnywhere Managed File Transfer that has been actively exploited since September 2025. Threat actors, including Storm-1175, are using this flaw to deploy ransomware, which underscores the importance of applying the hotfixes promptly and restricting internet access to the admin console. #GoAnywhereMFT #Storm1175 #MedusaRansomware
Key points
- Fortra discovered active exploitation of CVE-2025-10035 beginning September 11, 2025.
- The vulnerability is a deserialization flaw in the License Servlet that allows command injection.
- Threat actor Storm-1175 has exploited the vulnerability to deploy Medusa ransomware.
- Fortra released hotfixes and recommended restricting admin console internet access.
- The method by which attackers obtained private keys remains unclear.
Read More: https://thehackernews.com/2025/10/from-detection-to-patch-fortra-reveals.html