Cybersecurity Chaos: Fortra GoAnywhere Flaw Exploited Before Public Disclosure!

Fortra GoAnywhere MFT users, brace yourselves! A cybersecurity thriller has kicked off with CVE-2025-10035, the deserialization vulnerability that’s been exploited in the wild since September 10, 2025. Hackers are having a field day, so patch that software faster than you can say “command injection”!

Hot Take:

Well, it seems like the Fortra GoAnywhere Managed File Transfer (MFT) software decided to take its vulnerability on a world tour without telling anyone first. It’s like a rock band that starts playing gigs a week before announcing the tour dates. Talk about a surprise performance nobody wanted! Looks like cybersecurity practitioners will have to play catch-up, but hey, at least they know where to start looking for the bandits: the License Servlet. Encore, anyone?

Key Points:

  • watchTowr Labs reported that a Fortra vulnerability was being actively exploited a week before it was publicly disclosed.
  • The vulnerability, CVE-2025-10035, involves a deserialization flaw in the License Servlet.
  • Rapid7 notes it’s part of a chain: access control bypass, unsafe deserialization, and an unknown private key issue.
  • Exploitation involves creating backdoor accounts and uploading malicious payloads.
  • Threat actor activity was traced to an IP address known for brute-force attacks on Fortinet FortiGate appliances.

The Nimble Nerd