PT-2025-38495 · Fortra · GoAnywhere MFT
Published 2025-09-11 · Updated 2026-04-07 · CVE-2025-10035
CVSS v3.1: 10 (Critical) | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Fortra GoAnywhere MFT versions prior to 7.8.4 and prior to 7.6.3.
Description
Fortra GoAnywhere MFT contains a critical deserialization vulnerability in the License Servlet (CVE-2025-10035). It allows a remote, unauthenticated attacker to have the servlet deserialize an arbitrary attacker-controlled object, which can lead to remote code execution and, in turn, to exfiltration of data handled by the MFT instance. The vulnerability has been actively exploited by the Storm-1175 threat actor, associated with the Medusa ransomware group, since September 10, 2025, before the public disclosure on September 18, 2025. Observed exploitation involves bypassing authentication and deploying malicious payloads. Approximately 20,000 instances are estimated to be exposed.
Recommendations
Update Fortra GoAnywhere MFT to version 7.8.4 or 7.6.3. Until the update is applied, restrict access to the Admin Console to reduce exposure.
Exploit · Fix
Tags: RCE, Command Injection, Deserialization of Untrusted Data
Affected Products: GoAnywhere MFT