Close Menu
Cybercrime and Ransomware

Full Timeline Unveiled: CVE-2025-10035 Exploitation Details

Staff WriterBy No Comments4 Mins Read3 Views

Quick Takeaways

  1. Fortra’s investigation confirmed active exploitation of CVE-2025-10035 in GoAnywhere MFT since September 11, 2025, primarily impacting publicly accessible admin consoles.
  2. A critical patch was released promptly, with full versions 7.6.3 and 7.8.4 available by September 15, 2025, addressing the deserialization vulnerability that enables command injection without authentication.
  3. Threat actor Storm-1175 has been exploiting this vulnerability to deploy Medusa ransomware, with reports of unauthorized activity, although how they obtained necessary keys remains unclear.
  4. Fortra advises restricting admin console internet access, enabling monitoring, and updating software immediately to mitigate ongoing risks and limit exposure.

Underlying Problem

In October 2025, Fortra disclosed a critical vulnerability, CVE-2025-10035, found in its GoAnywhere Managed File Transfer (MFT) software, which has been actively exploited since September 11, 2025. The flaw, a deserialization vulnerability in the License Servlet, enabled attackers to inject commands without requiring authentication, effectively compromising the affected systems. Fortra’s investigation began on the day the issue was reported by a customer, revealing suspicious activity, and promptly led to notifying vulnerable clients—particularly those with exposed admin consoles accessible through the internet—and law enforcement. Within days, the company released patches to address the vulnerability, acknowledging that a limited number of incidents involved unauthorized activity, and advising users to restrict admin console exposure, monitor activity, and update their software. Meanwhile, Microsoft linked these exploits to the deployment of Medusa ransomware by threat actor Storm-1175, raising concerns about the breach’s broader implications. The fact that attackers managed to exploit this flaw despite cryptographic safeguards suggests a significant breach in security measures, prompting expert skepticism about how the threat actors obtained the necessary private keys and highlighting the seriousness of the exploited vulnerability.

Security Implications

Cyber risks, exemplified by the recent exploitation of CVE-2025-10035 in Fortra’s GoAnywhere Managed File Transfer, highlight the critical impact of vulnerabilities that can be actively exploited since their discovery, often leading to unauthorized access, command injection, and ransomware deployment, such as Medusa. These risks are predominantly borne by organizations with exposed administrative consoles accessible via the internet, emphasizing the importance of strict access controls, prompt patching, and continuous monitoring. When threat actors circumvent cryptographic safeguards—potentially obtaining private keys—they can escalate attacks, leading to significant operational disruptions, data breaches, and financial loss. The incident exemplifies how unpatched vulnerabilities in widely-used software pose persistent threats, and underscores the need for proactive security measures to mitigate potential damage from ongoing exploitations.

Possible Actions

Understanding the importance of prompt remediation when a critical vulnerability like Fortra’s CVE-2025-10035 is disclosed is vital to maintaining cybersecurity integrity. Delays in addressing such exploits can lead to widespread system compromises, data breaches, and long-term operational disruptions. Rapid response minimizes damage, restores trust, and strengthens defenses against future threats.

Mitigation Measures:

  • Software Patch
    Apply the latest security updates released by Fortra to close the vulnerability.

  • Access Controls
    Restrict system and network access, limiting exposure to trusted users only.

  • Vulnerability Scanning
    Conduct thorough scans to identify susceptible systems and prioritize patching efforts.

  • Network Segmentation
    Isolate critical systems to contain potential breaches stemming from exploitation.

  • Monitoring and Alerts
    Implement real-time monitoring to detect suspicious activity associated with CVE-2025-10035.

  • User Training
    Educate employees about potential attack vectors and best practices to prevent social engineering attacks.

  • Incident Response Plan
    Prepare a clear plan to respond swiftly should exploitation occur, minimizing impact and recovery time.

Stay Ahead in Cybersecurity

Stay informed on the latest Threat Intelligence and Cyberattacks.

Understand foundational security frameworks via NIST CSF on Wikipedia.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.