Deserialization Vulnerability in Fortra's GoAnywhere MFT
CVE-2025-10035
Key Information:
- Vendor
Fortra
- Status
- Vendor
- CVE Published:
- 18 September 2025
Badges
What is CVE-2025-10035?
CVE-2025-10035 is a security vulnerability identified in Fortra's GoAnywhere MFT, a secure managed file transfer solution designed to facilitate the safe transfer of sensitive data across networks. This vulnerability arises from a deserialization issue within the License Servlet, which can be exploited by an attacker possessing a forged license response signature. The exploitation of this vulnerability may allow the attacker to deserialize arbitrary objects they control, potentially leading to command injection. Such a security flaw could severely compromise the integrity and confidentiality of data, allowing unauthorized actions within the system that can disrupt business operations and lead to significant financial losses.
Potential impact of CVE-2025-10035
-
Command Injection Risks: The deserialization vulnerability permits attackers to execute arbitrary commands on affected systems. This could result in unauthorized access to sensitive files, manipulation of data, or even the installation of malicious software, heightening the risk of system breaches.
-
Data Integrity Compromise: Vulnerability exploitation could allow malicious actors to alter or delete important data during transmission or storage, undermining the trustworthiness of data managed by GoAnywhere MFT and potentially affecting regulatory compliance for data handling.
-
Operational Disruption: Successful exploitation may lead to significant operational disruptions, as systems may be rendered inoperable or could require extensive recovery efforts. This could lead to downtime and financial loss, as organizations may struggle to regain secure control over their data transfer processes.
CISA has reported CVE-2025-10035
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-10035 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
GoAnywhere MFT Linux 0 <= 7.8.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Why Supply Chain Security Now Needs Threat-Informed TPRM
As attackers exploit the supply chain, organizations that fail to integrate CTI and TPRM risk being blindsided by the vulnerabilities of their partners.
2 weeks ago
Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook
When Fortra disclosed CVE-2025-10035 in GoAnywhere MFT last month, many security teams likely experienced a familiar sinking feeling. Another critical vulnerability. Another emergency patch cycle. Another...
2 weeks ago
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
Cybercriminals are using the Medusa ransomware strain during exploitation of a vulnerability in Fortra's GoAnywhere file transfer tool.
3 weeks ago
References
EPSS Score
47% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved