Deserialization Vulnerability in Fortra's GoAnywhere MFT
CVE-2025-10035
Key Information:
- Vendor
Fortra
- Status
- Vendor
- CVE Published:
- 18 September 2025
Badges
What is CVE-2025-10035?
CVE-2025-10035 is a security vulnerability identified in Fortra's GoAnywhere MFT, a secure managed file transfer solution designed to facilitate the safe transfer of sensitive data across networks. This vulnerability arises from a deserialization issue within the License Servlet, which can be exploited by an attacker possessing a forged license response signature. The exploitation of this vulnerability may allow the attacker to deserialize arbitrary objects they control, potentially leading to command injection. Such a security flaw could severely compromise the integrity and confidentiality of data, allowing unauthorized actions within the system that can disrupt business operations and lead to significant financial losses.
Potential impact of CVE-2025-10035
-
Command Injection Risks: The deserialization vulnerability permits attackers to execute arbitrary commands on affected systems. This could result in unauthorized access to sensitive files, manipulation of data, or even the installation of malicious software, heightening the risk of system breaches.
-
Data Integrity Compromise: Vulnerability exploitation could allow malicious actors to alter or delete important data during transmission or storage, undermining the trustworthiness of data managed by GoAnywhere MFT and potentially affecting regulatory compliance for data handling.
-
Operational Disruption: Successful exploitation may lead to significant operational disruptions, as systems may be rendered inoperable or could require extensive recovery efforts. This could lead to downtime and financial loss, as organizations may struggle to regain secure control over their data transfer processes.
CISA has reported CVE-2025-10035
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-10035 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
GoAnywhere MFT Linux 0 <= 7.8.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Medusa Ransomware Exploits Fortra GoAnywhere Bug
Researchers say exploitation of CVE-2025-10035 requires a private key, and it's unclear how Storm-1175 threat actors pulled this off.
2 days ago

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft links Storm-1175 to GoAnywhere flaw CVE-2025-10035, exploited since September for Medusa ransomware.
2 days ago
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month.
2 days ago
References
EPSS Score
82% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π°
Used in Ransomware
- π¦
CISA Reported
- π
Vulnerability started trending
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved