Fortra Releases Security Update for GoAnywhere MFT

Successful exploitation could allow an attacker to inject arbitrary commands

Threat ID:: CC-4701
Threat Severity:: Medium
Published:: 22 September 2025 2:48 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation could allow an attacker to inject arbitrary commands

Affected platforms

The following platforms are known to be affected:

Fortra GoAnywhere MFT

All prior to 7.8.4
All prior to Sustain 7.6.3

Threat details

Exploitation of CVE-2025-10035

Security researchers have determined that exploitation of CVE-2025-10035 has been observed in the wild.

Introduction

Forta has released a security update to address a critical vulnerability in the GoAnywhere Admin Console.

CVE-2025-10035 - Deserialisation of Untrusted Data vulnerability - CVSSv3: 10.0

Threat updates

Date	Update
26 Sep 2025	Exploitation of the vulnerability CVE-2025-10035 has been observed in the wild.

Remediation advice

Affected organisations are encouraged to review Fortra's Deserialization Vulnerability in GoAnywhere MFT's License Servlet advisory and apply relevant updates as soon as possible.

Definitive source of threat updates

https://www.fortra.com/security/advisories/product-security/fi-2025-012

CVE Vulnerabilities

Status Published

CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Last edited: 26 September 2025 11:29 am