{"id":14831,"date":"2025-09-19T21:22:24","date_gmt":"2025-09-19T21:22:24","guid":{"rendered":"https:\/\/newestek.com\/?p=14831"},"modified":"2025-09-19T21:22:24","modified_gmt":"2025-09-19T21:22:24","slug":"fortra-patches-critical-goanywhere-mft-flaw-akin-to-past-ransomware-exploits","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14831","title":{"rendered":"Fortra patches critical GoAnywhere MFT flaw akin to past ransomware exploits"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Users of Fortra\u2019s GoAnywhere MFT solution are urged to patch a critical vulnerability that could allow attackers to inject and execute arbitrary commands.<\/p>\n<p>The flaw, <a href=\"https:\/\/www.fortra.com\/security\/advisories\/product-security\/fi-2025-012\">tracked as CVE-2025-10035<\/a>, is rated with the maximum severity score of 10 on the CVSS scale. It stems from an insecure deserialization condition in the License Servlet component of the application.<\/p>\n<p>GoAnywhere MFT is an enterprise managed file transfer solution that allows organizations to securely exchange files between partners, employees, and internal systems using a variety of protocols. The product, <a href=\"https:\/\/www.csoonline.com\/article\/575481\/clop-ransomware-gang-exploits-the-moveit-transfer-vulnerability-to-steal-data.html\">as well as other MFT solutions<\/a>, has been targeted by ransomware gangs in the past as a way to gain initial access to enterprise networks.<\/p>\n<p>\u201cThe description and root cause of CVE-2025-10035 \u2014 a newly disclosed critical vulnerability in Fortra\u2019s GoAnywhere MFT solution \u2014 is virtually identical to that of CVE-2023-0669, another critical issue that was widely exploited by ransomware groups in 2023, including Cl0p,\u201d Caitlin Condon, vice president of research at security intelligence firm VulnCheck, told CSO via email. \u201cWhile it\u2019s not clear currently if CVE-2025-10035 has been exploited in the wild, it\u2019s safe to assume ransomware and other APT groups will be highly motivated to develop exploits targeting this new vulnerability.\u201d<\/p>\n<p>The new vulnerability was patched 5 days after it was discovered on Sept. 13. Users are advised to update to GoAnywhere MFT versions 7.8.4 and 7.6.3, depending on which release they\u2019re using.<\/p>\n<p>Successful exploitation depends on attackers having the ability to access the GoAnywhere Admin Console and send a validly forged license response signature to deserialize an arbitrary actor-controlled object. Fortra advises users to not expose the Admin Console directly to the internet.<\/p>\n<p>While there are currently no indications that a proof-of-concept exploit has been disclosed publicly or that attackers are already targeting this flaw, that is likely to change. When the Cl0p ransomware gang exploited CVE-2023-0669 in GoAnywhere as a zero-day in January 2023, the attackers claimed it resulted in the compromise of 130 organizations.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Users of Fortra\u2019s GoAnywhere MFT solution are urged to patch a critical vulnerability that could allow attackers to inject and execute arbitrary commands. The flaw, tracked as CVE-2025-10035, is rated with the maximum severity score of 10 on the CVSS scale. It stems from an insecure deserialization condition in the License Servlet component of the application. GoAnywhere MFT is an enterprise managed file transfer solution&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14831\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14831","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14831"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14831\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}