A recent vulnerability in Fortraβs GoAnywhere MFT was exploited in the wild before patches were released, leading to remote code execution and backdoor creation. Experts warn that over 20,000 instances, including Fortune 500 companies, remain at risk if the private key is compromised. #CVE-2025-10035 #GoAnywhereMFT #CyberAttack #Fortune500
Keypoints
- The CVE-2025-10035 vulnerability allows command injection in GoAnywhere MFT.
- Threat actors exploited the flaw at least eight days before the official patch was released.
- Attackers used the vulnerability to create backdoor admin accounts and elevate privileges.
- Over 20,000 internet-exposed GoAnywhere instances were potentially vulnerable.
- Full exploitation depends on leaked private keys or other unknown access methods.
Read More: https://www.securityweek.com/recent-fortra-goanywhere-mft-vulnerability-exploited-as-zero-day/