• Experts warn a maximum severity GoAnywhere MFT flaw is now being

    From TechnologyDaily@1337:1/100 to All on Mon Sep 29 16:30:08 2025
    Experts warn a maximum severity GoAnywhere MFT flaw is now being exploited as a zero day

    Date:
    Mon, 29 Sep 2025 15:24:00 +0000

    Description:
    Hackers started abusing a GoAnywhere MFT bug a week before the patch was released.

    FULL STORY ======================================================================
    - CVE-2025-10035 in GoAnywhere MFT allows critical command injection via license servlet
    - Exploitation began before public disclosure; WatchTowr found credible in-the-wild evidence
    - Users urged to patch or isolate systems; past flaws led to major Cl0p ransomware breaches

    GoAnywhere MFT, a popular managed file transfer solution, carries a maximum-severity vulnerability that security researchers at WatchTowr Labs say is being exploited in the wild, citing credible evidence.

    Fortra (the company behind GoAnywhere) recently published a new security advisory, urging customers to patch CVE-2025-10035.

    This is a deserialization vulnerability in the License Servlet that allows threat actors to run command injection attacks. In other words, it's a hole in the license-checking system that could let attackers trick GoAnywhere into running their code.

    Credible evidence

    The vulnerability was given a maximum severity rating - 10/10, meaning it's absolutely critical that users patch it. Other than that, the advisory did not say much about potential attackers or current targets.

    WatchTowr's researchers did, though: "We have been given credible evidence of in-the-wild exploitation of Fortra GoAnywhere CVE-2025-10035 dating back to September 10, 2025," the researchers said in their writeup.

    "That is eight days before Fortra's public advisory, published September 18, 2025. This explains why Fortra later decided to publish limited IOCs, and we're now urging defenders to immediately change how they think about timelines and risk."

    The best way to protect against the attacks is to upgrade to a patched version, either the latest release (7.8.4), or the Sustain Release 7.6.3.

    Those who cannot patch at this time can remove GoAnywhere from the public internet through the Admin Console, and those who suspect they may have been targeted should inspect log files for errors containing the string 'SignedObject.getObject'.
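
The log check described above, as an added example that is not from Fortra, WatchTowr or the original article: a Python triage script that attributes each stack-trace line containing the string to the log entry it belongs to and notes whether that entry predates the September 18 advisory. The timestamp layout and the sample log are constructed assumptions; adjust the pattern to your own log format.

```python
import re
from datetime import datetime

INDICATOR = "SignedObject.getObject"  # string named in the article
# Assumption: each log entry starts with "YYYY-MM-DD HH:MM:SS"; adjust to your layout.
ENTRY_START = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\b")
ADVISORY_DATE = datetime(2025, 9, 18)  # Fortra advisory date given in the article


def find_hits(lines):
    """Return one record per log entry whose text or stack trace contains INDICATOR."""
    hits, entry = [], None
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        m = ENTRY_START.match(line)
        if m:  # a new entry begins; following stack-frame lines belong to it
            entry = {"when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                     "header": line, "start_line": lineno, "hit": False}
        if INDICATOR in line:
            if entry is None:  # indicator before any timestamped line (truncated log)
                entry = {"when": None, "header": line, "start_line": lineno, "hit": False}
            if not entry["hit"]:  # report each entry once, however many frames match
                entry["hit"] = True
                hits.append({"line": entry["start_line"], "when": entry["when"],
                             "header": entry["header"],
                             "pre_advisory": bool(entry["when"] and entry["when"] < ADVISORY_DATE)})
    return hits


# Constructed sample log, not taken from a real GoAnywhere system.
SAMPLE_LOG = """\
2025-09-11 02:41:19 ERROR Error while processing license response
java.lang.RuntimeException: constructed example exception
\tat java.base/java.security.SignedObject.getObject(SignedObject.java:1)
\tat com.example.LicenseHandler.handle(LicenseHandler.java:1)
Caused by: java.io.IOException: constructed
\tat java.base/java.security.SignedObject.getObject(SignedObject.java:1)
2025-09-11 02:45:00 INFO Scheduled job completed
2025-09-20 10:02:33 ERROR Transfer failed: connection reset
2025-09-21 08:15:42 ERROR Request rejected
\tat java.base/java.security.SignedObject.getObject(SignedObject.java:1)
""".splitlines()

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(h["line"], h["when"], "pre-advisory" if h["pre_advisory"] else "", h["header"])
```

To scan a real file, pass an open file handle to `find_hits`; it reads line by line, so large logs do not need to fit in memory.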

    In early 2023, threat actors exploited a flaw in GoAnywhere MFT to steal data from dozens of organizations worldwide. The ransomware group Cl0p claimed responsibility, leaking sensitive files and demanding payment, turning it into one of the year's most damaging supply-chain style breaches.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/experts-warn-a-maximum-severity-goanywhere-mft-flaw-is-now-being-exploited-as-a-zero-day


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)