Deserialization Vulnerability in Fortra's GoAnywhere MFT
CVE-2025-10035

10CRITICAL

Key Information:

Vendor

Fortra

Vendor
CVE Published:
18 September 2025

Badges

📈 Trended📈 Score: 2,770💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 47%🦅 CISA Reported📰 News Worthy

What is CVE-2025-10035?

CVE-2025-10035 is a security vulnerability identified in Fortra's GoAnywhere MFT, a secure managed file transfer solution designed to facilitate the safe transfer of sensitive data across networks. This vulnerability arises from a deserialization issue within the License Servlet, which can be exploited by an attacker possessing a forged license response signature. The exploitation of this vulnerability may allow the attacker to deserialize arbitrary objects they control, potentially leading to command injection. Such a security flaw could severely compromise the integrity and confidentiality of data, allowing unauthorized actions within the system that can disrupt business operations and lead to significant financial losses.

Potential impact of CVE-2025-10035

  1. Command Injection Risks: The deserialization vulnerability permits attackers to execute arbitrary commands on affected systems. This could result in unauthorized access to sensitive files, manipulation of data, or even the installation of malicious software, heightening the risk of system breaches.

  2. Data Integrity Compromise: Vulnerability exploitation could allow malicious actors to alter or delete important data during transmission or storage, undermining the trustworthiness of data managed by GoAnywhere MFT and potentially affecting regulatory compliance for data handling.

  3. Operational Disruption: Successful exploitation may lead to significant operational disruptions, as systems may be rendered inoperable or could require extensive recovery efforts. This could lead to downtime and financial loss, as organizations may struggle to regain secure control over their data transfer processes.

CISA has reported CVE-2025-10035

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-10035 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

GoAnywhere MFT Linux 0 <= 7.8.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Why Supply Chain Security Now Needs Threat-Informed TPRM

As attackers exploit the supply chain, organizations that fail to integrate CTI and TPRM risk being blindsided by the vulnerabilities of their partners.

2 weeks ago

Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook

When Fortra disclosed CVE-2025-10035 in GoAnywhere MFT last month, many security teams likely experienced a familiar sinking feeling. Another critical vulnerability. Another emergency patch cycle. Another...

2 weeks ago

Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says

Cybercriminals are using the Medusa ransomware strain during exploitation of a vulnerability in Fortra's GoAnywhere file transfer tool.

3 weeks ago

References

EPSS Score

47% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 💰

    Used in Ransomware

  • 🦅

    CISA Reported

  • 📈

    Vulnerability started trending

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-10035 : Deserialization Vulnerability in Fortra's GoAnywhere MFT