1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Ransomware hackers could be targeting GoAnywhere MFT once again -

    From TechnologyDaily@1337:1/100 to All on Mon Sep 22 15:00:10 2025
    Ransomware hackers could be targeting GoAnywhere MFT once again - here's what we know

    Date:
    Mon, 22 Sep 2025 13:54:03 +0000

    Description:
    Fortra found - and patched - a new critical bug in the popular MFT solution, and is urging users to apply it ASAP.

    FULL STORY ======================================================================CVE-2025 -10035 is a critical deserialization flaw in GoAnywhere MFT Fortra urges
    users to patch immediately; no confirmed in-the-wild exploitation yet Vulnerability may allow command injection if systems are exposed to the internet

    A critical-severity vulnerability was recently discovered in Fortras GoAnywhere MFT, with users urged to apply the fix as soon as possible.

    GoAnywhere MFT is a tool that helps businesses send and receive files securely, designed to protect data during transfers, automate file-sharing tasks, and work with both cloud and on-prem systems.

    In early 2023, the Cl0p ransomware group found a zero-day in the tool, and used it to attack more than 130 companies , including big names like Procter
    & Gamble and Hitachi Energy. Although Fortra quickly released a patch, many companies didnt update in time, which allowed Cl0p to steal sensitive data such as personal and business information, and then use it to extort the victims for money. Upgrading the software

    This time around, there is no word of in-the-wild abuse, but Fortra did say that it discovered the bug during a security check.

    The flaw is described as a deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT, allowing threat actors with a validly forged license response signature to deserialize an arbitrary
    actor-controlled object, possibly leading to command injection.

    The bug is now tracked as CVE-2025-10035, and has a severity score of 10/10 (critical). It was fixed in GoAnywhere MFT 7.8.4 and Sustain Release 7.6.3, and users are advised to upgrade their software to the newest versions as
    soon as possible.

    "Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet," Fortra stressed.

    Besides patching the flaw , GoAnywhere MFT users are also advised to monitor their Admin Audit logs for suspicious activity, and the log files for errors containing SignedObject.getObject: If this string is present in an exception stack trace (similar to the following), then the instance was likely affected by this vulnerability.

    More details, as well as IoCs, can be found on this link .

    Via BleepingComputer You might also like Popular file transfer software has
    a seriously dangerous security bug that gives anyone free administrator
    rights so patch it now to avoid another Moveit-like debacle Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ransomware-hackers-could-be-targeting-g oanywhere-mft-once-again-heres-what-we-know


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)