File Transfer vulnerability under active exploitation
A critical deserialization vulnerability in GoAnywhere MFT’s License Servlet (CVSS 10.0) is actively being exploited in the wild. The flaw allows attackers with a forged license response signature to deserialize arbitrary objects, which can lead to command injection and remote code execution (RCE). FortiGuard telemetry shows sustained, high-volume exploitation attempts against GoAnywhere MFT instances.
Common Vulnerabilities and Exposures
Background
GoAnywhere MFT instances are deployed to facilitate file transfers across networks and are sometimes exposed to external or semi-trusted networks. That exposure gives threat actors more opportunity to probe and exploit them. After initial RCE, the attacker can pivot: install malware, drop backdoors, harvest credentials, move laterally, or exfiltrate data.
Storm-1175 (tracked by Microsoft Threat Intelligence) is actively exploiting this vulnerability. The group is associated with Medusa ransomware operations and is known for targeting public-facing applications for initial access.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
FortiGuard customers are protected by multiple layers of defense against the exploit. However, immediate patching of affected systems is strongly advised. Organizations with unpatched GoAnywhere MFT deployments are at very high risk of compromise, including ransomware delivery and data theft.
- October 29, 2025: CISA adds CVE-2025-10035 to the Known Exploited Vulnerabilities Catalog.
- October 07, 2025: Investigation of active exploitation of the CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability, by Microsoft Threat Intelligence.
  https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/
- September 18, 2025: Fortra disclosed CVE-2025-10035, a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet.
  https://www.fortra.com/security/advisories/product-security/fi-2025-012
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Vulnerability
- IPS
- IOC
- Outbreak Detection
- Threat Hunting
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Vulnerability Management
- Attack Surface Monitoring (Inside & Outside)
- Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.