Essential Insights
- High-Risk Vulnerability: Fortra has released urgent security updates for a critical vulnerability (CVE-2025-10035) in its GoAnywhere Managed File Transfer software, rated CVSS 10/10.
- Potential Exploitation: An attacker who forges a valid license response signature could deserialize an attacker-controlled object, possibly leading to command injection.
- Immediate Action Required: Users must ensure their GoAnywhere Admin Console is not publicly accessible online and update to a fixed version (7.8.4, or the Sustain Release 7.6.3) to mitigate risks.
- Ongoing Threat Landscape: This vulnerability follows a pattern of severe flaws previously identified in MFT products, which attackers have increasingly targeted.
NEWS BRIEF
Fortra has released security updates for a maximum severity vulnerability found in GoAnywhere Managed File Transfer’s (MFT) License Servlet. It carries the highest possible CVSS score of 10 out of 10.
If exploited, the vulnerability (CVE-2025-10035) could allow a threat actor “with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection,” according to Fortra’s advisory. Fortra said it was first discovered on Sept. 11, but the advisory doesn’t specify by whom.
The vulnerability is addressed in either the latest release of GoAnywhere, 7.8.4, or the Sustain Release, 7.6.3. For additional mitigations, Fortra urged organizations and users to immediately make sure that access to the GoAnywhere Admin Console is not open to the public Internet.
“Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the Internet,” said Fortra in the advisory.
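The two mitigations above (update to 7.8.4 or 7.6.3, and keep the Admin Console off the public Internet) can be combined into an inventory triage. This is an added example, not Fortra's code; the inventory fields, the host names, and the rule that 7.6.x builds are fixed from 7.6.3 while every other build needs 7.8.4 or later are assumptions.

```python
import re

FIXED_LATEST = (7, 8, 4)   # latest release named in the article
FIXED_SUSTAIN = (7, 6, 3)  # Sustain Release named in the article

# (patched, admin console public) -> action, listed most urgent first.
ACTIONS = {
    (False, True): "patch-and-restrict",
    (False, False): "patch",
    (True, True): "restrict-admin-console",
    (True, False): "ok",
}

def parse_version(text):
    """Turn '7.8.3' into (7, 8, 3); reject anything that is not N.N.N."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_patched(version):
    """Assumption: 7.6.x is fixed from 7.6.3; any other line needs >= 7.8.4."""
    v = parse_version(version)
    if v[:2] == FIXED_SUSTAIN[:2]:
        return v >= FIXED_SUSTAIN
    return v >= FIXED_LATEST

def triage(inventory):
    """Return (host, action) pairs, most urgent first."""
    rank = list(ACTIONS.values())
    results = []
    for row in inventory:
        try:
            patched = is_patched(row["version"])
        except ValueError:
            patched = False  # unknown version: treat as unpatched until verified
        action = ACTIONS[(patched, bool(row["admin_console_public"]))]
        results.append((row["host"], action))
    return sorted(results, key=lambda r: rank.index(r[1]))

# Constructed inventory (hypothetical hosts and field names).
SAMPLE = [
    {"host": "mft-a.example", "version": "7.8.4", "admin_console_public": False},
    {"host": "mft-b.example", "version": "7.6.2", "admin_console_public": True},
    {"host": "mft-c.example", "version": "7.7.1", "admin_console_public": False},
    {"host": "mft-d.example", "version": "7.6.3", "admin_console_public": True},
]
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A patched host with a public Admin Console is still flagged, since the advisory asks for both steps.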
GoAnywhere MFT is a software product designed to help businesses securely transfer files. Attackers have flocked to vulnerabilities in MFT products in recent years, such as Progress Software’s MOVEit Transfer and, more recently, Cleo MFT.
CVE-2025-10035 follows other high-severity vulnerabilities in Fortra’s GoAnywhere MFT software. In 2024, a proof-of-concept exploit for a critical flaw tracked as CVE-2024-0204 was published after customers were first informed privately of the flaw. And in 2023, the Cl0p ransomware group exploited a zero-day vulnerability in the MFT product, allowing attackers to deploy ransomware on systems in more than 130 organizations.
