PT-2025-38495 · Fortra · GoAnywhere MFT

Published: 2025-09-11 · Updated: 2025-11-13 · CVE-2025-10035

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Fortra GoAnywhere MFT versions prior to 7.8.4 and prior to 7.6.3

Description

Fortra GoAnywhere MFT contains a critical deserialization vulnerability in the License Servlet (CVE-2025-10035). This flaw allows an attacker with a validly forged license response signature to deserialize an arbitrary actor-controlled object, potentially leading to remote code execution. Exploitation of this vulnerability has been observed in the wild, with threat actors, including the Storm-1175 group, deploying the Medusa ransomware. The vulnerability allows for unauthenticated remote command injection and has been exploited to gain initial access, establish persistence, and exfiltrate data. Over 20,000 systems are estimated to be exposed. The vulnerability was actively exploited before a patch was released.

Recommendations

Update to version 7.8.4 or 7.6.3. Restrict access to the Admin Console.

Exploit

Fix

RCE

Deserialization of Untrusted Data

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-11633
CVE-2025-10035

Affected Products

GoAnywhere MFT