Ransomware hackers could be targeting GoAnywhere MFT once again - here's what we know

8 hours ago 5

(Image credit: Shutterstock)

CVE-2025-10035 is a critical deserialization flaw in GoAnywhere MFT
Fortra urges users to patch immediately; no confirmed in-the-wild exploitation yet
Vulnerability may allow command injection if systems are exposed to the internet

A critical-severity vulnerability was recently discovered in Fortra’s GoAnywhere MFT, with users urged to apply the fix as soon as possible.

GoAnywhere MFT is a tool that helps businesses send and receive files securely, designed to protect data during transfers, automate file-sharing tasks, and work with both cloud and on-prem systems.

In early 2023, the Cl0p ransomware group found a zero-day in the tool, and used it to attack more than 130 companies, including big names like Procter & Gamble and Hitachi Energy. Although Fortra quickly released a patch, many companies didn’t update in time, which allowed Cl0p to steal sensitive data such as personal and business information, and then use it to extort the victims for money.

Upgrading the software

This time around, there is no word of in-the-wild abuse, but Fortra did say that it discovered the bug “during a security check”.

The flaw is described as a deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT, allowing threat actors with a validly forged license response signature to deserialize an arbitrary actor-controlled object, “possibly leading to command injection.”

The bug is now tracked as CVE-2025-10035, and has a severity score of 10/10 (critical). It was fixed in GoAnywhere MFT 7.8.4 and Sustain Release 7.6.3, and users are advised to upgrade their software to the newest versions as soon as possible.

"Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet," Fortra stressed.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Besides patching the flaw, GoAnywhere MFT users are also advised to monitor their Admin Audit logs for suspicious activity, and the log files for errors containing SignedObject.getObject: “If this string is present in an exception stack trace (similar to the following), then the instance was likely affected by this vulnerability.”

More details, as well as IoCs, can be found on this link.

Via BleepingComputer

Popular file transfer software has a seriously dangerous security bug that gives anyone free administrator rights — so patch it now to avoid another Moveit-like debacle
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article