Fortra’s GoAnywhere MFT: The Never-Ending Ransomware Saga Continues!
Budding ransomware crooks have another shot at exploiting Fortra’s GoAnywhere MFT product due to a new 10/10 severity vulnerability. With the potential for command injection, it’s a cybercriminal’s dream! Fortra’s advisory encourages a quick patch update. After all, who wouldn’t want to avoid being on a ransomware crook’s speed dial?
Hot Take:
Just when you thought it was safe to go back to file transferring, Fortra’s GoAnywhere MFT is back with another vulnerability sequel! It’s like a blockbuster series, but instead of popcorn, we’re munching on firewalls and patches. Someone call Hollywood, because these hackers have a script that’s scarier than any horror movie!
Key Points:
- Fortra’s GoAnywhere MFT is facing a new critical vulnerability, CVE-2025-10035, with a severity score of 10/10.
- The vulnerability allows command injection through a deserialization flaw in the License Servlet.
- Customers are advised to update to version 7.8.4 or 7.6.3, or secure the admin console from the web.
- Previous vulnerabilities in GoAnywhere MFT were exploited by notorious ransomware groups LockBit and Black Basta.
- Managed file transfer apps continue to be lucrative targets for cybercriminals due to data access.
Already a member? Log in here