Critical Vulnerability in Fortra's GoAnywhere MFT Software
A critical security flaw has been identified in Fortra's GoAnywhere Managed File Transfer (MFT) software, posing a significant risk to organizations using this solution. The vulnerability, designated as CVE-2025-10035, has been assigned a maximum severity score of 10.0 on the CVSS scale. It involves a deserialization vulnerability within the License Servlet, which could allow an attacker with a forged license response signature to execute arbitrary commands. This flaw is particularly concerning as it affects systems that are publicly accessible over the internet, a common configuration for many GoAnywhere MFT deployments.
The vulnerability has not yet been reported as exploited in the wild; however, given the history of similar vulnerabilities in the same product being leveraged by ransomware groups, there is a high likelihood of future exploitation. Previous vulnerabilities in GoAnywhere MFT, such as CVE-2023-0669 and CVE-2024-0204, were actively exploited by threat actors, including ransomware groups like LockBit. Organizations using GoAnywhere MFT are urged to update to the latest patched versions—7.8.4 or Sustain Release 7.6.3—to mitigate potential risks.
The broader cybersecurity landscape continues to see an increase in attacks targeting internet-facing systems, emphasizing the need for robust security measures and timely patch management. As threat actors become more sophisticated, vulnerabilities in widely used software solutions like GoAnywhere MFT present attractive targets for exploitation. Organizations must remain vigilant and proactive in securing their systems against such threats.
Threats and Vulnerabilities
The primary threat discussed is the deserialization vulnerability in Fortra's GoAnywhere MFT software, tracked as CVE-2025-10035. This flaw allows an attacker to execute arbitrary commands by exploiting a weakness in the License Servlet's handling of forged license response signatures. The potential impact is severe, with the possibility of full system compromise if exploited successfully. The vulnerability is particularly dangerous for systems exposed to the internet, which is a common setup for GoAnywhere MFT instances.
While there are no confirmed reports of this vulnerability being exploited in the wild, the history of similar vulnerabilities in the same product being targeted by ransomware groups suggests a high risk of future attacks. Previous vulnerabilities, such as CVE-2023-0669 and CVE-2024-0204, were exploited to steal sensitive data and create unauthorized administrator accounts, respectively. These incidents highlight the attractiveness of GoAnywhere MFT as a target for cybercriminals.
Industries most at risk include those heavily reliant on secure file transfer solutions, such as finance, healthcare, and government sectors. The potential for data breaches and operational disruptions makes it imperative for organizations to address this vulnerability promptly.
Client Impact
Clients using Fortra's GoAnywhere MFT software may face significant risks if the identified vulnerability is exploited. Potential impacts include operational disruptions due to unauthorized command execution, data breaches resulting from unauthorized access to sensitive information, and financial losses associated with remediation efforts and potential regulatory fines. The reputational damage from such incidents could also be substantial, particularly for organizations in industries where trust and confidentiality are paramount.
From a compliance perspective, failure to address this vulnerability could lead to regulatory challenges, audits, or penalties, especially for organizations subject to data protection regulations like GDPR or HIPAA. Ensuring timely patching and implementing access restrictions are critical steps in maintaining compliance and protecting organizational assets.
Mitigations
To mitigate the risks associated with the identified vulnerability in Fortra's GoAnywhere MFT software, clients should consider the following actions:
- Update to the latest patched version of GoAnywhere MFT (version 7.8.4 or Sustain Release 7.6.3) to address the vulnerability.
- Restrict external access to the GoAnywhere Admin Console by configuring firewalls or VPNs to limit exposure.
- Conduct regular security assessments and penetration testing to identify and remediate potential vulnerabilities.
- Implement robust monitoring and logging practices to detect any unauthorized access attempts or anomalies.
- Educate employees about cybersecurity best practices and the importance of timely software updates.
By taking these steps, organizations can significantly reduce their risk exposure and enhance their overall security posture. It is crucial to remain vigilant and proactive in addressing vulnerabilities as they arise, ensuring that systems are protected against emerging threats.
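As an added example (not code from Fortra or 1898 & Co.), the following Python script applies the first mitigation across a fleet inventory: it parses each instance's version string and reports whether it is at or above the patched release for its line. It assumes the fixed versions given above, that any 7.6.x install is on the Sustain Release line (fixed at 7.6.3) while every other install needs 7.8.4, and it uses a constructed sample inventory in place of a real asset export.

```python
"""Patch-status triage for the GoAnywhere MFT releases named in this advisory.

Added example, not Fortra's or 1898 & Co.'s code. It assumes an inventory of
(hostname, version string) pairs such as an asset-database export; the sample
inventory at the bottom is constructed for demonstration.
"""
from __future__ import annotations

# Fixed releases from the advisory. Assumption: a 7.6.x install is on the
# Sustain Release line and is fixed at 7.6.3; every other install is fixed
# at 7.8.4 (so 7.7.x is treated as unpatched until it moves to 7.8.4).
FIXED_VERSIONS = {"7.6": (7, 6, 3), "default": (7, 8, 4)}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '7.8.3' into (7, 8, 3); raise ValueError on malformed input."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def required_fix(version: tuple[int, ...]) -> tuple[int, int, int]:
    """Return the patched release that applies to this install's release line."""
    if version[:2] == (7, 6):
        return FIXED_VERSIONS["7.6"]
    return FIXED_VERSIONS["default"]


def is_patched(version: str) -> bool:
    """True when the install is at or above the fix for its release line."""
    parsed = parse_version(version)
    return parsed >= required_fix(parsed)


def triage(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Split (host, version) pairs into patched / unpatched / unknown hosts."""
    report: dict[str, list[str]] = {"patched": [], "unpatched": [], "unknown": []}
    for host, version in inventory:
        try:
            report["patched" if is_patched(version) else "unpatched"].append(host)
        except ValueError:
            report["unknown"].append(host)  # unparsable version: verify by hand
    return report


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("mft-prod-01", "7.8.3"), ("mft-prod-02", "7.8.4"),
    ("mft-legacy-01", "7.6.2"), ("mft-legacy-02", "7.6.3"),
    ("mft-dev-01", "7.7.1"), ("mft-old-01", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unpatched or unknown are the ones to prioritise for the update and for the access restrictions listed above.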
1898 & Co. Response
1898 & Co. is actively addressing the current threat landscape by offering specialized services designed to help clients mitigate emerging cybersecurity risks. Our team provides tailored vulnerability assessments and penetration testing services to identify potential weaknesses in client systems, including those related to Fortra's GoAnywhere MFT software.
We have updated our security protocols to incorporate the latest threat intelligence and best practices for securing internet-facing systems. Our experts collaborate with industry partners and government agencies to stay informed about new vulnerabilities and attack vectors, ensuring that our clients receive timely and relevant guidance.
Our ongoing research efforts focus on understanding the tactics used by threat actors targeting file transfer solutions like GoAnywhere MFT. By analyzing real-world case studies and successful mitigations, we provide clients with actionable insights and strategies to enhance their security defenses.