Microsoft Warns: Active Exploitation of Fortra's GoAnywhere MFT Vulnerability
Microsoft has warned of active exploitation of a critical vulnerability in Fortra's GoAnywhere MFT since mid-September 2025. The cybercrime group Storm-1175, linked to Medusa ransomware, has been leveraging this flaw for nearly a month.
watchTowr Labs confirmed that the vulnerability, identified as CVE-2025-10035, is a deserialization issue in the License Servlet of GoAnywhere MFT. It allows command injection via a validly forged license response signature, enabling attackers to gain access remotely without user interaction.
Microsoft observed threat actors exploiting this zero-day vulnerability to gain access, maintain persistence using remote monitoring and management (RMM) tools, and exfiltrate data with Rclone. Fortra addressed the issue on September 18, 2025, releasing a patch to mitigate the risk.
Microsoft advises updating GoAnywhere MFT to the latest patched version, using tools like Defender EASM for detection and prevention, and restricting servers from making arbitrary outbound internet connections. Users are urged to apply the patch promptly to protect against potential data breaches and ransomware attacks.