By Sead Fadilpašić

Copyright techradar

Skip to main content

Tech Radar Pro

Tech Radar Gaming

Close main menu

the business technology experts

België (Nederlands)

Deutschland

North America

US (English)

Australasia

New Zealand

View Profile

Search TechRadar

Expert Insights

Website builders

Web hosting

Best web hosting
Best office chairs
Best website builder
Best antivirus
Expert Insights

Don’t miss these

Hackers are exploiting a critical RCE Flaw in a popular FTP server — here’s what you need to know

Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now

CISA flags some more serious Ivanti software flaws, so patch now

Libraseva urges users to patch now as it issues emergency fix following attacks

SonicWall VPNs are being targeted by a new zero-day in ransomware attacks

Microsoft SharePoint worries increase as ransomware gangs join the party, experts warn

Trend Micro tells users to patch immediately to protect from Apex One zero-day

WatchGuard warns users Firebox firewalls may have a critical issue – here’s what we know

CitrixBleed 2 exploits are now in the wild, so patch now

Top CMS Sitecore patches critical zero-day flaw being hit by hackers

Citrix patches a trio of high-severity security bugs, so be on your guard

Security experts flag another worrying issue with Anthropic AI systems – here’s what they found

Microsoft releases urgent SharePoint security flaw patches – here’s what you need to know, and how to update

Hackers hit SAP security bug to send out nasty Linux malware

US federal agency breached by hackers using GeoServer exploit, CISA says

Experts warn a maximum severity GoAnywhere MFT flaw is now being exploited as a zero day

Sead Fadilpašić

29 September 2025

A patch is already released, so hurry up

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Image Credit: Pixabay
(Image credit: Pixabay)

CVE-2025-10035 in GoAnywhere MFT allows critical command injection via license servlet
Exploitation began before public disclosure; WatchTowr found credible in-the-wild evidence
Users urged to patch or isolate systems; past flaws led to major Cl0p ransomware breaches

GoAnywhere MFT, a popular managed file transfer solution, is carrying a maximum-severity vulnerability currently being exploited in the wild after security researchers WatchTowr Labs claim to have found “credible evidence”.

Fortra (the company behind GoAnywhere) recently published a new security advisory, urging customers to patch CVE-2025-10035.
This is a deserialization vulnerability in the License Servlet that allows threat actors to run command injection attacks. In other words, it’s a hole in the license-checking system that could let attackers trick GoAnywhere into running their code.

You may like

Hackers are exploiting a critical RCE Flaw in a popular FTP server — here’s what you need to know

Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now

CISA flags some more serious Ivanti software flaws, so patch now

Credible evidence
The vulnerability was given a maximum severity rating – 10/10, meaning it’s absolutely critical that users patch it. Other than that, the advisory did not say much about potential attackers, or current targets.

WatchTowr’s researchers did, though: “We have been given credible evidence of in-the-wild exploitation of Fortra GoAnywhere CVE-2025-10035 dating back to September 10, 2025,” the researchers said in their writeup.
“That is eight days before Fortra’s public advisory, published September 18, 2025. This explains why Fortra later decided to publish limited IOCs, and we’re now urging defenders to immediately change how they think about timelines and risk.”
The best way to protect against the attacks is to upgrade to a patched version, either the latest release (7.8.4), or the Sustain Release 7.6.3.

Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Those who cannot patch at this time can remove GoAnywhere from the public internet through the Admin Console, and those who suspect they may have been targeted should inspect log files for errors containing the string ‘SignedObject.getObject,’.
In early 2023, threat actors exploited a flaw in GoAnywhere MFT to steal data from dozens of organizations worldwide. The ransomware group Cl0p claimed responsibility, leaking sensitive files and demanding payment, turning it into one of the year’s most damaging supply-chain style breaches.
Via BleepingComputer
You might also like

Ransomware hackers could be targeting GoAnywhere MFT once again – here’s what we know
Take a look at our guide to the best authenticator app
We’ve rounded up the best password managers

Sead Fadilpašić

Social Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Hackers are exploiting a critical RCE Flaw in a popular FTP server — here’s what you need to know

Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now

CISA flags some more serious Ivanti software flaws, so patch now

Libraseva urges users to patch now as it issues emergency fix following attacks

SonicWall VPNs are being targeted by a new zero-day in ransomware attacks

Microsoft SharePoint worries increase as ransomware gangs join the party, experts warn

Latest in Security

Companies are facing more cyberattacks than ever before – and many just can’t cope

Volvo says staff data was stolen following recent ransomware attack on IT supplier

Harrods cyberattack – over 430,000 customers have data stolen, here’s how to stay safe

LockBit malware is back – and nastier than ever, experts claim

Look out – these fake Microsoft Teams installers are just spreading dangerous malware

Qualcomm Guardian is its rival to Intel’s popular vPro platform management system – it can even work without Wi-Fi, but I’m not sure whether it’s such a good thing

Latest in News

Google Home app gets surprise early AI upgrade for a lucky few, and I’m jealous

What is the release date for 9-1-1 season 9 episode 1 on Hulu and other streaming services?

ChatGPT is getting parental controls starting today – here’s what they do and how to set them up

Experts warn a maximum severity GoAnywhere MFT flaw is now being exploited as a zero day

YouTube Premium gets 5 handy new features, including faster playback and higher-quality audio

Microsoft Edge gets a major security upgrade which should ease concerns for many users

LATEST ARTICLES

Microsoft Edge gets a major security upgrade which should ease concerns for many users

The Samsung Galaxy S26 Ultra’s S Pen could get a curvy redesign

5 of the best free movies to stream on Tubi, Plex, Pluto TV and more this week (September 29)

Google Home app gets surprise early AI upgrade for a lucky few, and I’m jealous

LockBit malware is back – and nastier than ever, experts claim

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Contact Future’s experts

Terms and conditions

Privacy policy

Cookies policy

Advertise with us

Web notifications

Accessibility Statement

Future US, Inc. Full 7th Floor, 130 West 42nd Street,

Please login or signup to comment

Please wait…