All news with #goanywhere mft tag

Fri, October 10, 2025

Fortra Confirms Active Exploitation of GoAnywhere Flaw

#Security Advisory #Patch #Active Exploitation #Ransomware #Fortra #GoAnywhere MFT #Insecure Deserialization

🔒 Fortra disclosed its investigation into CVE-2025-10035, a deserialization vulnerability in the GoAnywhere License Servlet that has been exploited since September 11, 2025. The vendor issued a hotfix within 24 hours and published patched builds (7.6.3 and 7.8.4) on September 15, saying the risk is limited to admin consoles exposed to the public internet. Microsoft attributes observed exploitation to threat actor Storm-1175, which deployed Medusa ransomware; Fortra recommends restricting internet access to admin consoles, enabling monitoring, and keeping software up to date.

Mon, October 6, 2025

Critical GoAnywhere MFT Flaw Exploited in Medusa Attacks

#Ransomware #Active Exploitation #Zero-Day #Insecure Deserialization #GoAnywhere MFT #Microsoft #Medusa

⚠️ Microsoft warns that a critical deserialization vulnerability in GoAnywhere MFT (CVE-2025-10035) has been actively exploited by a Medusa ransomware affiliate tracked as Storm-1175 since early September. The License Servlet flaw enables remote compromise without user interaction, allowing attackers to gain initial access and persist via abused RMM tools. Administrators should apply Fortra's patches and inspect logs for SignedObject.getObject stack traces.

Fri, September 26, 2025

Maximum-severity GoAnywhere MFT zero-day exploited

#Zero-Day #Active Exploitation #Insecure Deserialization #RCE #GoAnywhere MFT

⚠️ Fortra's GoAnywhere MFT is being exploited in the wild via a deserialization flaw tracked as CVE-2025-10035 in the License Servlet, enabling unauthenticated remote command injection when attackers supply a forged license response signature. WatchTowr Labs reports credible evidence of exploitation dating back to September 10, 2025, prior to Fortra's advisory published on September 18. Administrators should apply patches to 7.8.4 or 7.6.3, remove public Admin Console exposure, and search logs for the error string 'SignedObject.getObject'.

Fri, September 19, 2025

Fortra patches critical GoAnywhere MFT deserialization bug

#Security Advisory #Patch #Insecure Deserialization #Ransomware #Fortra #GoAnywhere MFT

⚠ Users of GoAnywhere MFT are urged to install an urgent patch for a critical insecure deserialization vulnerability tracked as CVE-2025-10035, rated CVSS 10. The flaw resides in the License Servlet and can allow an attacker with access to the Admin Console to submit a forged license response that deserializes an arbitrary, actor-controlled object, enabling remote command execution. Fortra released fixes in versions 7.8.4 and 7.6.3 and advises customers not to expose the Admin Console directly to the internet. The issue closely mirrors a 2023 vulnerability that was widely exploited by ransomware groups, elevating the risk of rapid exploitation.