CVE-2025-10035
Published Sep 18, 2025
Last updated a month ago
AI description
CVE-2025-10035 is a deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT. An attacker with a validly forged license response signature can have the servlet deserialize an arbitrary, attacker-controlled object, which could lead to command injection. To remediate, update GoAnywhere MFT to version 7.8.4. The affected-version data at the end of this page marks releases before 7.6.3, and releases from 7.7.0 up to but not including 7.8.4, as vulnerable. Also ensure that the GoAnywhere Admin Console is not reachable from the public internet, as exploitation depends heavily on the system being externally exposed.
- Description: A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
- Source: df4dee71-de3a-4139-9588-11b62fe6c0ff
- NVD status: Analyzed
- Products: goanywhere_managed_file_transfer
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
- Exploit added on: Sep 29, 2025
- Exploit action due: Oct 20, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/7NJbpdGL94 #CyberSecurity #Vulnerability #CVE2025 #Ransomware #DataProtection https://t.co/ro4pBWeXDW
@blueteamsec1
9 Nov 2025
1473 Impressions
2 Retweets
9 Likes
1 Bookmark
2 Replies
0 Quotes
#VulnerabilityReport #CVE202510035 CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation https://t.co/2wqWDirEKz
@Komodosec
25 Oct 2025
64 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Medusa's leak of more than 186 GB of Comcast data after a ransomware attack proves that even the biggest tech companies are not safe. The attack most likely relied on exploiting a serious vulnerability in the tool
@ahmedCS0
25 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation #CISO https://t.co/gH3jF7lCqA https://t.co/Dy9jqaLvqS
@compuchris
22 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unveiling the Complete Timeline of CVE-2025-10035 Exploitation: Fortra's Journey from Detection to Patch https://t.co/JTtGjenMq0
@bennettTechInno
18 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
18 Oct 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
17 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-10035 - Fortra GoAnywhere MFT vulnerability https://t.co/XA108jgjAF https://t.co/H3WvxT2V3A
@jamesboykin11
16 Oct 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
16 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/zTSmsS0zXR Oct 10, 2025 Ravie Lakshmanan Vulnerability / Network Security Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security
@f1tym1
16 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1/10 ✳️ Zero-days & data leaks: this week’s Threat Analysis (Oct 7–14) Oracle EBS emergency patch #2, Salesforce ecosystem leaks, GoAnywhere CVE-2025-10035 exploitation, healthcare disclosures + EU/UK actions. Full brief 👉 https://t.co/A9EhxnzJfF
@TrescudoCyber
15 Oct 2025
60 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. https://t.co/UJncBSdwzo
@blackwired32799
14 Oct 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 Microsoft Ties Storm-1175 to GoAnywhere Zero-Day & Medusa Ransomware https://t.co/O5PJ8O0dgH Microsoft says threat actor Storm-1175 has been exploiting CVE-2025-10035, a critical deserialization flaw in GoAnywhere MFT, to deploy Medusa ransomware. The exploit chain
@Huntio
13 Oct 2025
2526 Impressions
4 Retweets
25 Likes
8 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
13 Oct 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/KRUW50aRnz
@PVynckier
12 Oct 2025
160 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortra uncovers the complete journey of CVE-2025-10035 exploitation, from initial detection to the final patch. Dive into the full timeline! #Cybersecurity #Fortra ⤵️
@xcybersecnews
12 Oct 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical alert: CVE-2025-10035 in GoAnywhere MFT is under active exploitation! Unauthenticated remote command injection puts systems at risk of ransomware & data loss. Patch ASAP & restrict admin console access. Details: https://t.co/TMzAVz1Yrz... https://t.co/84M2pX
@offseq
12 Oct 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
11 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The Zero-Day Playbook: Fortra Reveals the Critical Hour-by-Hour Timeline of CVE-2025-10035 Exploitation Read the full report on - https://t.co/JBYh9xiSlJ https://t.co/gDHejShuKe
@Iambivash007
10 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10035 Alert Fortra confirms active exploitation of a critical RCE flaw in GoAnywhere MFT. Linked to Storm 1175 and Medusa ransomware. Admin consoles exposed to the internet are at highest risk. Patch now (v7.6.3 or 7.8.4) and restrict public access. #CyberSecurity htt
@CloneSystemsInc
10 Oct 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/DnicvscCLj
@chundefined
10 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/bmOaWDPDYM
@buzz_sec
10 Oct 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Check out this summarized news story 👀 Fortra Details Timeline of CVE-2025-10035 Exploitation https://t.co/Hewp7nMYsX
@mynewswave
10 Oct 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/fuv5LaBMf9 https://t.co/PuNC4XI8R5
@RigneySec
10 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We've added a Fortra GoAnywhere honeypot onto Defused 🍯 GoAnywhere MFT recently dropped CVE-2025-10035 (a deserialization vulnerability) which was fairly recently added to CISA KEV For a limited time, deploy for free 👉 https://t.co/GXFaqghsXI https://t.co/zUeB7ja2p2
@DefusedCyber
9 Oct 2025
5719 Impressions
5 Retweets
26 Likes
5 Bookmarks
0 Replies
2 Quotes
Microsoft links Storm-1175 to active exploitation of GoAnywhere CVE-2025-10035 — leading to Medusa ransomware attacks! https://t.co/kK1Z6w9QIM #CyberSecurity #Ransomware #Vulert #GoAnywhere #CVE202510035
@vulert_official
9 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📊 The GoAnywhere CVE-2025-10035 case demonstrates supply chain blast radius perfectly. Bitsight's analysis: one vendor misses a patch, hundreds of downstream clients get exposed. The traditional TPRM questionnaire model can't catch this—you need live CTI feeds integrated in
@the_c_protocol
8 Oct 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Medusa Ransomware Exploits File Transfer Bug 🚨 Microsoft confirms that threat actors are using Medusa ransomware to exploit a critical flaw (CVE-2025-10035) for system discovery and lateral movement. Learn more → https://t.co/lXbEoxPphL #Ransomware #GoAnywhere
@TWX_Assassins
8 Oct 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Vulnerability Report: Ranking the Industries Most Impacted by Recent High-Severity Exploits (CVE-2025-61882, CVE-2025-10035, etc.) Read the full report on - https://t.co/37NK453Que https://t.co/ErXVQjhw6M
@Iambivash007
8 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Today's Cybersecurity Agenda | 8 October 2025 Microsoft announced that the critical vulnerability CVE-2025-10035 in the GoAnywhere Managed File Transfer (MFT) product is being actively exploited by the ransomware group Storm-1175. https://t.co/RYrTvcmCL
@KamCyberTR
8 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Storm-1175 just weaponized a zero-day in GoAnywhere MFT (CVE-2025-10035) to drop Medusa ransomware. The exploit is beautifully nasty—bypasses auth entirely through the License Servlet. One request, full server takeover. They're using it to plant RMM tools (MeshAgent, http
@the_c_protocol
8 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Microsoft Links Storm-1175 to GoAnywhere Exploit A critical GoAnywhere flaw (CVE-2025-10035) is being exploited to deploy Medusa ransomware. 🔗 https://t.co/CaZUxL0ghD #CyberSecurity #Ransomware #Microsoft #ThreatAlert #TechPIO https://t.co/IufENrECoU
@techpio_team
8 Oct 2025
58 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks! A maximum-severity bug (CVE-2025-10035) in GoAnywhere MFT is being actively exploited by the threat group Storm-1175 in Medusa ransomware campaigns. The flaw allows remote code execution via untrusted https://t
@ChbibAnas
8 Oct 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔍 Latest CVE breakdown available now! Medusa ransomware is exploiting CVE-2025-10035 in GoAnywhere. Learn how real-time ransomware intelligence boosts defense against this high-severity t
@PurpleOps_io
8 Oct 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft just confirmed a critical GoAnywhere flaw (CVE-2025-10035) — already exploited to deploy Medusa ransomware. Attackers had a month-long head start — silently breaching orgs while vendors stayed quiet It’s not just RCE it’s persistence, lateral movement, and
@neurasoftdev
8 Oct 2025
48 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#threatreport #MediumCompleteness Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | 06-10-2025 Source: https://t.co/JoAQvJhxWM Key details below ↓ 🧑💻Actors/Campaigns: Storm-1175 (🧠motivation: cyber_criminal) 💀T
@rst_cloud
7 Oct 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Crypto fraud spikes with AI deepfakes, ransomware zero-days, and massive data leaks dominating the last hour’s critical cyber updates: 🛡️ Storm-1175 ransomware exploits zero-day CVE-2025-10035 in Fortra’s GoAnywhere MFT for remote code execution, lateral moves, data the
@np_cyber_news
7 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GoAnywhere RCE via Forged License Exploit (CVE-2025-10035) On September 18, 2025, a critical vulnerability (CVE-2025-10035) in the GoAnywhere Managed File Transfer (MFT) product was disclosed. The flaw lies in the license servlet’s deserialization logic: an attacker who crafts
@SPSDigitalTech
7 Oct 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-10035: The GoAnywhere Zero-Day Nightmare Storm-1175 exploited this CVSS 10.0 flaw BEFORE it was even disclosed. Medusa ransomware + license servlet deserialization = perfect storm. The scariest part? They somehow got Fortra's private signing key 🔐 20,000+ http
@ctrlaltnod
7 Oct 2025
46 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Investigating Active Exploitation Of CVE-2025-10035 GoAnywhere Managed File Transfer Vulnerability https://t.co/FqCDAlznSx #news
@packet_storm
7 Oct 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Originally from: MS Threat Intel: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability https://t.co/Q0fxaxanGm ( :-{ı▓ #CTI #cybersecurity #cyberresearch https://t.co/dnfM1wg2ft
@Cyb3rR3s34rch
7 Oct 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ @Microsoft confirms Storm-1175 is exploiting a critical GoAnywhere MFT bug (CVE-2025-10035) in Medusa ransomware attacks. - Remote deserialization flaw - Lateral movement using RMM tools - File exfiltration via Rclone - Deployed ransomware payloads 💬 Has your GoAnywhere
@TechNadu
7 Oct 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability https://t.co/e5CaLhd4Q0 A critical deserialization vulnerability, identified as CVE-2025-10035 with a CVSS score of 10.0, has been discovered in GoAnywhere MFT’s License Servlet.
@f1tym1
7 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security alert! A critical flaw in GoAnywhere MFT is being exploited by cybercriminals to spread the Medusa ransomware. 🔍 Identified as CVE-2025-10035, the vulnerability allows unauthenticated remote code execution (RCE), giving attackers
@TechStartXYZ
7 Oct 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⌨️ Microsoft fixes the wave of attacks Medusa due to the critical deserialization vulnerability in Fortra GoAnywhere (CVE-2025-10035, CVSS 10.0): Group Storm-1175 uses open web interfaces, puts RMM (SIMPLEHELP, MESHAGENT), moves over the network through mstsc.exe, exfoliate d
@Hack_Your_Mom
7 Oct 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft investigates active exploitation of the critical flaw CVE-2025-10035 in GoAnywhere MFT Vulnerabilities, GoAnywhere, medusa, Microsoft Defender, Ransomware, Storm-1175 https://t.co/ac1ZdOD5MJ https://t.co/gIz1vq40WG
@matricedigitale
7 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Threat Intelligence confirms that Storm 1175, known for deploying Medusa ransomware and exploiting public-facing applications, is actively exploiting the CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability. https://t.co/Iz1EjaZee7 https://t.co/h98ccYRAqp
@virusbtn
7 Oct 2025
1637 Impressions
6 Retweets
22 Likes
2 Bookmarks
4 Replies
0 Quotes
📌 Microsoft has attributed the exploitation of a critical security vulnerability in Fortra's GoAnywhere software, used to deploy Medusa ransomware, to a threat group known as Storm-1175. The vulnerability, CVE-2025-10035, is a severe flaw in the
@Cybercachear
7 Oct 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft just confirmed a critical GoAnywhere flaw (CVE-2025-10035) — already exploited to deploy Medusa ransomware. Attackers had a month-long head start — silently breaching orgs while vendors stayed quiet. It’s not just RCE — it’s persistence, lateral movemen
@TheHackersNews
7 Oct 2025
33191 Impressions
117 Retweets
278 Likes
80 Bookmarks
5 Replies
10 Quotes
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability https://t.co/uhIyACsdmN #patchmanagement
@eyalestrin
7 Oct 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF143971-7546-4C90-B0D0-A3E08536BF4F",
            "versionEndExcluding": "7.6.3"
          },
          {
            "criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "479CA63D-4C41-4CA1-9655-A8BD43311CEA",
            "versionEndExcluding": "7.8.4",
            "versionStartIncluding": "7.7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]