“The description and root cause of CVE-2025-10035 — a newly disclosed critical vulnerability in Fortra’s GoAnywhere MFT solution — is virtually identical to that of CVE-2023-0669, another critical issue that was widely exploited by ransomware groups in 2023, including Cl0p,” Caitlin Condon, vice president of research at security intelligence firm VulnCheck, told CSO via email. “While it’s not clear currently if CVE-2025-10035 has been exploited in the wild, it’s safe to assume ransomware and other APT groups will be highly motivated to develop exploits targeting this new vulnerability.”
The new vulnerability was patched 5 days after it was discovered on Sept. 13. Users are advised to update to GoAnywhere MFT versions 7.8.4 and 7.6.3, depending on which release they’re using.
Successful exploitation depends on attackers having the ability to access the GoAnywhere Admin Console and send a validly forged license response signature to deserialize an arbitrary actor-controlled object. Fortra advises users to not expose the Admin Console directly to the internet.
