Security experts are raising the alarm about possible supply-chain attacks against GoAnywhere MFT, a popular enterprise file transfer solution. The critical-severity bug closely parallels an earlier zero-day that was exploited to attack numerous organizations with ransomware.
Critical deserialization vulnerability
The vulnerability is tracked as CVE-2025-10035 and was reported by Fortra on September 18, 2025. It is an unsafe deserialization flaw that allows unauthenticated remote code execution. The flaw affects GoAnywhere MFT, a managed file transfer service used by over 3,000 organisations, including Fortune 500 businesses.
CVE-2025-10035 allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, potentially resulting in command injection, as explained in the Fortra security advisory. The flaw is rated 10, the highest possible CVSS score.
The weakness lies in the product's License Servlet, so attackers must present a properly forged license response signature to use the bug. Security professionals observe that deserialization vulnerabilities are generally very predictable compared with other classes of bugs, which is why attackers favor them.
Troubling parallels to past exploitation
Researchers have found troubling parallels between this new bug and CVE-2023-0669, a zero-day that was widely used by ransomware groups. The description of the vulnerability is virtually the same as that of CVE-2023-0669, said Caitlin Condon, vice president of security research at VulnCheck.
The Clop ransomware group used the 2023 vulnerability in attacks on more than 100 organizations, as did at least five other ransomware groups. Clop has exploited weaknesses in file-transfer services before, achieving mass exploitation when it broke into MOVEit systems in 2023 and eventually exposed data from more than 2,300 companies and organizations.
Attackers are interested in high-value targets
File transfer services are a very appealing target for criminals because they handle sensitive information. File transfer services are sensitive by nature, storing files that contain sensitive information, explained Ryan Dewhurst, head of proactive threat intelligence at watchTowr. As such, threat actors, ransomware groups in particular, could be interested primarily in using the exposed files for blackmail.
Stephen Fewer and Buchholz, both senior researchers at Rapid7, observed that file-transfer services are frequently exposed to the internet and hold network credentials for accessing, storing, and moving data, which makes them high-value targets for attackers.
No active exploitation reported
Fortra became aware of the vulnerability on September 11 during a security check. GoAnywhere customers whose administrative console is accessible over the internet may be vulnerable to unauthorized third-party exposure, said Jessica Ryan, marketing manager at Fortra.
Although no cases of active exploitation have been reported, security researchers expect that to change soon. Dewhurst said it is only a matter of time, and they are keeping a close watch on the situation. As of now, no public exploit exists for CVE-2025-10035, though a private one may exist. No party has reported exploitation of this vulnerability in the wild.
Fortra has issued patches that fix the vulnerability. The fix is in version 7.8.4 or higher of the latest release, and in version 7.6.3 or higher of the Sustain release of GoAnywhere MFT. Given GoAnywhere's history of being exploited and the critical severity of this flaw, organizations in the technology sector must prioritize patching immediately to avoid successful supply-chain attacks.
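One way to triage an inventory against the fixed versions and the internet-facing admin console risk described above, as an added example that is not Fortra's code or tooling. The host names and inventory are constructed, and treating 7.6.x as the Sustain line (with every other line needing 7.8.4 or higher) is an assumption to confirm against Fortra's advisory.

```python
import re

# Fixed versions named in the article.
FIXED_LATEST = (7, 8, 4)    # latest release
FIXED_SUSTAIN = (7, 6, 3)   # Sustain release
SUSTAIN_LINE = (7, 6)       # assumption: Sustain installs are the 7.6.x line

def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints so 7.6.10 > 7.6.3."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(version):
    """True if the version is at or above the fix for its release line."""
    v = parse_version(version)
    fixed = FIXED_SUSTAIN if v[:2] == SUSTAIN_LINE else FIXED_LATEST
    return v >= fixed

def triage(inventory):
    """Return (priority, host, reason) rows, most urgent first (0 = patch now)."""
    rows = []
    for host, version, console_internet_facing in inventory:
        try:
            patched = is_patched(version)
        except ValueError:
            rows.append((1, host, "version unknown, verify manually"))
            continue
        if patched:
            rows.append((3, host, "at or above fixed version"))
        elif console_internet_facing:
            rows.append((0, host, "unpatched, admin console internet-facing"))
        else:
            rows.append((2, host, "unpatched, admin console not internet-facing"))
    return sorted(rows)

# Constructed sample inventory: (host, version, admin console internet-facing?)
SAMPLE = [
    ("mft-a.example.test", "7.8.4", True),
    ("mft-b.example.test", "7.6.10", False),
    ("mft-c.example.test", "7.7.9", False),
    ("mft-d.example.test", "7.6.2", True),
    ("mft-e.example.test", "unknown", True),
]

if __name__ == "__main__":
    for priority, host, reason in triage(SAMPLE):
        print(priority, host, reason)
```

Versions are compared as integer tuples because a plain string comparison would rank 7.6.10 below 7.6.3.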
