CVE-2025-10035 concerns Fortra’s GoAnywhere Managed File Transfer (MFT), a widely used enterprise-grade file transfer solution deployed on-premises, in the cloud, and in hybrid environments. GoAnywhere MFT is used by organizations of all sizes to securely transfer files and maintain audit trails. The vulnerability is located in the application’s License Servlet component.
| Product | GoAnywhere MFT |
| Date | 2025-09-22 16:30:46 |
| Information |
|
Technical Summary
This is a deserialization vulnerability with a maximum CVSS score of 10.0 out of 10.0, making it a critical severity flaw. The vulnerability is caused by a deserialization defect in the GoAnywhere MFT License Servlet, which allows a remote actor with a validly forged license response signature to deserialize an arbitrary object controlled by the actor themselves, potentially leading to command execution.
According to Fortra, the flaw “allows an actor with a validly forged license response signature to deserialize an arbitrary object controlled by the actor, possibly leading to command injection.” Although there is currently no evidence of active exploitation in the wild, the vulnerability represents a serious risk, particularly for organizations that expose the GoAnywhere Admin Console to the internet.
Recommendations
Immediate remediation required: Update immediately to GoAnywhere MFT version 7.8.4, as Fortra released a patch on September 18, 2025.
Network security: Limit the exposure of the GoAnywhere Admin Console to the internet and implement proper network segmentation.
Access controls: Review and strengthen license management controls and authentication mechanisms.
Monitoring: Implement advanced monitoring to detect suspicious activity related to license validation and deserialization attempts.
Risk assessment: Given the maximum severity score and the fact that GoAnywhere MFT has been targeted by ransomware groups in the past, perform a risk assessment immediately.
Incident response: Prepare incident response procedures, as this type of vulnerability has previously been exploited by ransomware operators against similar file transfer solutions.
[Callforaction-THREAT-Footer]
