Fortra’s GoAnywhere Security Flaw: Medusa Ransomware Wreaks Havoc, Silence Isn’t Golden

Storm-1175 strikes again! Microsoft has linked this cybercriminal group to exploiting a critical Fortra GoAnywhere flaw, CVE-2025-10035, to unleash Medusa ransomware. With a CVSS score of 10.0, this bug lets attackers inject commands without even saying ‘please.’ It’s a serious security sitcom, and Fortra’s got some explaining to do!

Hot Take:

Oh, Fortra GoAnywhere, you’re not going anywhere fast! With vulnerabilities like CVE-2025-10035, it’s like leaving your front door open with a ‘Welcome Hackers’ sign. Microsoft and Storm-1175 have made sure no one’s getting a good night’s sleep without patching it up. If only ransomware came with a snooze button!

Key Points:

  • Storm-1175 exploits a critical flaw in Fortra GoAnywhere software to deploy Medusa ransomware.
  • The vulnerability, CVE-2025-10035, is a critical deserialization bug that scores a perfect 10.0 on the CVSS scale.
  • Successful exploitation lets attackers perform system discovery, deploy RMM tools, and move laterally.
  • Rclone and Cloudflare tunnels are used for data exfiltration and command-and-control operations.
  • Organizations have been at risk since September 11, 2025, with little information from Fortra.
