CVE-2025-10035
Published Sep 18, 2025
Last updated 6 months ago
AI description
CVE-2025-10035 is a deserialization vulnerability found in the License Servlet of Fortra's GoAnywhere MFT. It allows an attacker with a validly forged license response signature to deserialize an arbitrary, attacker-controlled object. This could potentially lead to command injection. To remediate this vulnerability, it is recommended to update GoAnywhere MFT to version 7.8.4. It is also advised to ensure that access to the GoAnywhere Admin Console is not open to the public, as exploitation of this vulnerability is highly dependent on systems being externally exposed to the internet.
- Description
- A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
- Source
- df4dee71-de3a-4139-9588-11b62fe6c0ff
- NVD status
- Analyzed
- Products
- goanywhere_managed_file_transfer
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Sep 29, 2025
- Exploit action due
- Oct 20, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
https://t.co/91APRSoKTf 마이크로소프트(MS) 위협 인텔리전스 팀의 최신 조사 결과에 따르면, 이들은 보안 패치가 배포되기 전인 취약점 ‘CVE-2025-10035’ 등을 악용해 시스템을 장악한 것으로 확인됐다. 지난 2023년을 기
@cheolsoo8
8 Apr 2026
172 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: Storm-1175 unleashes Medusa ransomware at high velocity, exploiting N-day & zero-day flaws like CVE-2025-10035 in GoAnywhere MFT for rapid attacks! Microsoft warns of persistence via RMM tools & data exfil. Patch now! #CyberSecurity #InfoSec #Hacking https:
@Archange_Shadow
7 Apr 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
THREAT ALERT: Storm-1175 Blitz China-linked group weaponizing zero-days in SmarterMail (CVE-2026-23760) & GoAnywhere (CVE-2025-10035) for Medusa Ransomware. ⏱️ Speed: <24hrs to encrypt 🎯 Target: Edge assets (VPN/Mail) 🛡️ Action: Patch NOW #CyberSecurity #Zero
@swapnil_mengi
7 Apr 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Storm-1175 exploited zero-day vulnerabilities CVE-2025-10035 and CVE-2026-23760 to deploy Medusa ransomware within 24 hours of initial compromise. The China-based group rapidly escalated privileges, moved laterally through credential theft, and exfiltrated data before encryption.
@aviatrixtrc
7 Apr 2026
150 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Medusa ransomware campaigns (Storm-1175 / Medusa affiliates) 📅 Date: 2026-04-06 📆 Timeline: Medusa RaaS tracked since 2023; Storm-1175 rapidly weaponized N-days and multiple zero-days (e.g., CVE-2026-23760 SmarterMail, CVE-2025-10035 GoAnywhere MFT) acr
@syedaquib77
6 Apr 2026
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Microsoft links Medusa ransomware affiliate to zero-day attacks (Storm-1175) 📅 Date: 2026-04-06 (Microsoft publication) 📆 Timeline: Active since at least 2023; 2024–2026 saw multiple n-day exploitations and exploit chaining. CVE-2025-10035 (GoAnywhere
@syedaquib77
6 Apr 2026
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING: Microsoft links China-based Storm-1175 to Medusa ransomware campaigns exploiting 16+ vulns including CVE-2025-10035 and CVE-2026-23760, hitting 300+ critical infrastructure orgs. https://t.co/x801FvMvlK
@threatcluster
6 Apr 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware https://t.co/Y7TULeOEuQ The post The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware appeared first on Daily CyberSecurity. Related posts: Critical RCE (CVE-2025-10035
@f1tym1
6 Apr 2026
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: Microsoft links China-based Storm-1175 ransomware crew to zero-day exploits in GoAnywhere MFT (CVE-2025-10035), leading to data theft & Medusa ransomware drops. Patch now! #CyberSecurity #InfoSec #Hacking https://t.co/izuRgN4mdN
@Archange_Shadow
6 Apr 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2 #CVE202510035 #GoAnywhereMFT #InTheWildExploitation #SecurityTransparency #BackdoorAccount https://t.co/RjSb8FpG8D
@reverseame
11 Feb 2026
1330 Impressions
6 Retweets
21 Likes
13 Bookmarks
0 Replies
0 Quotes
Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035) #GoAnywhereMFT #CVE202510035 #Deserialization #AuthBypass #PreAuthRCE https://t.co/l5dg2Q21iz
@reverseame
10 Feb 2026
1009 Impressions
1 Retweet
8 Likes
5 Bookmarks
0 Replies
0 Quotes
Fortra Patches Critical GoAnywhere MFT Vulnerability Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. The post Fortra Patches Critical GoAnywhere MFT Vulnerability appeared first on SecurityWeek...
@SecurityAid
20 Jan 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting Fortra GoAnywhere CVE-2025-10035 from 50.7.253.114 🇸🇬( FDCSERVERS ) using two different variations of the exploit VirusTotal Detections: 0/93 🟢 This IP has resolved to multiple low-reputation / throwaway domains over time https://t.co/KUy9rSH6Te
@DefusedCyber
9 Jan 2026
2642 Impressions
8 Retweets
28 Likes
5 Bookmarks
1 Reply
1 Quote
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/7NJbpdGL94 #CyberSecurity #Vulnerability #CVE2025 #Ransomware #DataProtection https://t.co/ro4pBWeXDW
@blueteamsec1
9 Nov 2025
1473 Impressions
2 Retweets
9 Likes
1 Bookmark
2 Replies
0 Quotes
#VulnerabilityReport #CVE202510035 CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation https://t.co/2wqWDirEKz
@Komodosec
25 Oct 2025
64 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
تسريب Medusa لأكثر من 186 غيغابايت من بيانات Comcast بعد هجوم فدية يثبت أن حتى أكبر شركات التقنية ليست في مأمن. الهجوم اعتمد غالبًا على استغلال ثغرة خطيرة في أداة
@ahmedCS0
25 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation #CISO https://t.co/gH3jF7lCqA https://t.co/Dy9jqaLvqS
@compuchris
22 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unveiling the Complete Timeline of CVE-2025-10035 Exploitation: Fortra's Journey from Detection to Patch https://t.co/JTtGjenMq0
@bennettTechInno
18 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
18 Oct 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
17 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-10035 - Fortra GoAnywhere MFT vulnerability https://t.co/XA108jgjAF https://t.co/H3WvxT2V3A
@jamesboykin11
16 Oct 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
16 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/zTSmsS0zXR Oct 10, 2025Ravie LakshmananVulnerability / Network Security Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security
@f1tym1
16 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1/10 ✳️ Zero-days & data leaks: this week’s Threat Analysis (Oct 7–14) Oracle EBS emergency patch #2, Salesforce ecosystem leaks, GoAnywhere CVE-2025-10035 exploitation, healthcare disclosures + EU/UK actions. Full brief 👉 https://t.co/A9EhxnzJfF
@TrescudoCyber
15 Oct 2025
60 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. https://t.co/UJncBSdwzo
@blackwired32799
14 Oct 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 Microsoft Ties Storm-1175 to GoAnywhere Zero-Day & Medusa Ransomware https://t.co/O5PJ8O0dgH Microsoft says threat actor Storm-1175 has been exploiting CVE-2025-10035, a critical deserialization flaw in GoAnywhere MFT, to deploy Medusa ransomware. The exploit chain
@Huntio
13 Oct 2025
2526 Impressions
4 Retweets
25 Likes
8 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
13 Oct 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/KRUW50aRnz
@PVynckier
12 Oct 2025
160 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortra uncovers the complete journey of CVE-2025-10035 exploitation, from initial detection to the final patch. Dive into the full timeline! #Cybersecurity #Fortra ⤵️
@xcybersecnews
12 Oct 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical alert: CVE-2025-10035 in GoAnywhere MFT is under active exploitation! Unauthenticated remote command injection puts systems at risk of ransomware & data loss. Patch ASAP & restrict admin console access. Details: https://t.co/TMzAVz1Yrz... https://t.co/84M2pX
@offseq
12 Oct 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-10035
@transilienceai
11 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The Zero-Day Playbook: Fortra Reveals the Critical Hour-by-Hour Timeline of CVE-2025-10035 Exploitation Read the full report on - https://t.co/JBYh9xiSlJ https://t.co/gDHejShuKe
@cyberbivash
10 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10035 Alert Fortra confirms active exploitation of a critical RCE flaw in GoAnywhere MFT. Linked to Storm 1175 and Medusa ransomware. Admin consoles exposed to the internet are at highest risk. Patch now (v7.6.3 or 7.8.4) and restrict public access. #CyberSecurity htt
@CloneSystemsInc
10 Oct 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/DnicvscCLj
@chundefined
10 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/bmOaWDPDYM
@buzz_sec
10 Oct 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Check out this summarized news story 👀 Fortra Details Timeline of CVE-2025-10035 Exploitation https://t.co/Hewp7nMYsX
@mynewswave
10 Oct 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://t.co/fuv5LaBMf9 https://t.co/PuNC4XI8R5
@RigneySec
10 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We've added a Fortra GoAnywhere honeypot onto Defused 🍯 GoAnywhere MFT recently dropped CVE-2025-10035 (a deserialization vulnerability) which was fairly recently added to CISA KEV For a limited time, deploy for free 👉 https://t.co/GXFaqghsXI https://t.co/zUeB7ja2p2
@DefusedCyber
9 Oct 2025
5719 Impressions
5 Retweets
26 Likes
5 Bookmarks
0 Replies
2 Quotes
Microsoft links Storm-1175 to active exploitation of GoAnywhere CVE-2025-10035 — leading to Medusa ransomware attacks! https://t.co/kK1Z6w9QIM #CyberSecurity #Ransomware #Vulert #GoAnywhere #CVE202510035
@vulert_official
9 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📊 The GoAnywhere CVE-2025-10035 case demonstrates supply chain blast radius perfectly. Bitsight's analysis: one vendor misses a patch, hundreds of downstream clients get exposed. The traditional TPRM questionnaire model can't catch this—you need live CTI feeds integrated in
@the_c_protocol
8 Oct 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Medusa Ransomware Exploits File Transfer Bug 🚨 Microsoft confirms that threat actors are using Medusa ransomware to exploit a critical flaw (CVE-2025-10035) for system discovery and lateral movement. Learn more → https://t.co/lXbEoxPphL #Ransomware #GoAnywhere
@TWX_Assassins
8 Oct 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Vulnerability Report: Ranking the Industries Most Impacted by Recent High-Severity Exploits (CVE-2025-61882, CVE-2025-10035, etc.) Read the full report on - https://t.co/37NK453Que https://t.co/ErXVQjhw6M
@cyberbivash
8 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Bugünün Siber Güvenlik Gündemi | 8 Ekim 2025 Microsoft, GoAnywhere Managed File Transfer (MFT) ürünüyle ilgili CVE-2025-10035 numaralı kritik açığın, fidye yazılımı grubu Storm-1175 tarafından aktif olarak istismar edildiğini duyurdu. https://t.co/RYrTvcmCL
@KamCyberTR
8 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Storm-1175 just weaponized a zero-day in GoAnywhere MFT (CVE-2025-10035) to drop Medusa ransomware. The exploit is beautifully nasty—bypasses auth entirely through the License Servlet. One request, full server takeover. They're using it to plant RMM tools (MeshAgent, http
@the_c_protocol
8 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Microsoft Links Storm-1175 to GoAnywhere Exploit A critical GoAnywhere flaw (CVE-2025-10035) is being exploited to deploy Medusa ransomware. 🔗 https://t.co/CaZUxL0ghD #CyberSecurity #Ransomware #Microsoft #ThreatAlert #TechPIO https://t.co/IufENrECoU
@techpio_team
8 Oct 2025
58 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks! A maximum-severity bug (CVE-2025-10035) in GoAnywhere MFT is being actively exploited by the threat group Storm-1175 in Medusa ransomware campaigns. The flaw allows remote code execution via untrusted https://t
@ChbibAnas
8 Oct 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! Medusa ransomware is exploiting CVE-2025-10035 in GoAnywhere. Learn how real-time ransomware intelligence boosts defense against this high-severity t
@PurpleOps_io
8 Oct 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft just confirmed a critical GoAnywhere flaw (CVE-2025-10035) — already exploited to deploy Medusa ransomware. Attackers had a month-long head start — silently breaching orgs while vendors stayed quiet It’s not just RCE it’s persistence, lateral movement, and
@neurasoftdev
8 Oct 2025
48 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#threatreport #MediumCompleteness Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | 06-10-2025 Source: https://t.co/JoAQvJhxWM Key details below ↓ 🧑💻Actors/Campaigns: Storm-1175 (🧠motivation: cyber_criminal) 💀T
@rst_cloud
7 Oct 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Crypto fraud spikes with AI deepfakes, ransomware zero-days, and massive data leaks dominating the last hour’s critical cyber updates: 🛡️ Storm-1175 ransomware exploits zero-day CVE-2025-10035 in Fortra’s GoAnywhere MFT for remote code execution, lateral moves, data the
@np_cyber_news
7 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF143971-7546-4C90-B0D0-A3E08536BF4F",
"versionEndExcluding": "7.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "479CA63D-4C41-4CA1-9655-A8BD43311CEA",
"versionEndExcluding": "7.8.4",
"versionStartIncluding": "7.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]