On October 10, 2025, Fortra disclosed the findings of its investigation into CVE-2025-10035, a critical security vulnerability in its GoAnywhere Managed File Transfer (MFT) software. This flaw has been actively exploited since at least September 11, 2025.
Initial Detection and Immediate Actions
The issue came to light on September 11, 2025, when a customer reported a potential vulnerability. Fortra’s investigation revealed suspicious activities associated with this flaw. On the same day, the company reached out to on-premises customers whose GoAnywhere admin consoles were accessible via the public internet and informed law enforcement agencies about the incident.
Patch Development and Deployment
To address the vulnerability, Fortra released a hotfix on September 12, 2025, targeting software versions 7.6.x, 7.7.x, and 7.8.x. Comprehensive updates, versions 7.6.3 and 7.8.4, were made available by September 15. The Common Vulnerabilities and Exposures (CVE) identifier for this flaw was officially published on September 18.
Scope and Mitigation Measures
Fortra clarified that the risk associated with CVE-2025-10035 is confined to customers with admin consoles exposed to the public internet. Other web-based components of the GoAnywhere architecture remain unaffected. Despite this, there have been limited reports of unauthorized activities linked to this vulnerability. Fortra advises users to restrict internet access to the admin console, enable monitoring, and ensure their software is up-to-date.
Technical Details and Exploitation
CVE-2025-10035 is a deserialization vulnerability in the License Servlet, potentially leading to unauthenticated command injection. Microsoft reported that a threat actor, identified as Storm-1175, has been exploiting this flaw since September 11 to deploy Medusa ransomware. The method by which attackers obtained the private keys necessary for exploitation remains unclear.
Expert Insights
Benjamin Harris, CEO and founder of watchTowr, commented on the situation, stating that Fortra’s confirmation of unauthorized activity related to CVE-2025-10035 indicates that the vulnerability is not merely theoretical. He emphasized that attackers have managed to bypass or meet the cryptographic requirements needed to exploit this flaw.
Conclusion
Fortra’s prompt response to CVE-2025-10035 underscores the importance of swift action in the face of security vulnerabilities. By releasing timely patches and providing clear guidance, the company aims to mitigate potential threats and protect its customers. Users are urged to implement the recommended security measures to safeguard their systems against exploitation.
