Topic: cve-2025-10035

  • Fortra GoAnywhere MFT Zero-Day Actively Exploited

    Fortra GoAnywhere MFT Zero-Day Actively Exploited

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT was exploited for over a week before a patch was released on September 18, 2025, allowing attackers to achieve remote code execution. The flaw, a deserialization vulnerability with a CVSS score of 10.0, enabled threat actors to ...

    Read More »
  • Unpatched Fortra GoAnywhere Flaw Risks Full System Takeover

    Unpatched Fortra GoAnywhere Flaw Risks Full System Takeover

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform allows full system takeover via a deserialization flaw in the License servlet, requiring immediate patching. Exploitation necessitates access to the admin console, echoing a 2023 incident where exposed consoles led to w...

    Read More »
  • Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability

    Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability

    Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...

    Read More »