Ransomware hackers could be targeting GoAnywhere MFT once again – here’s what we know

By Sead Fadilpašić

Copyright techradar


22 September 2025

Fortra found – and patched – a new critical bug in the popular MFT solution


CVE-2025-10035 is a critical deserialization flaw in GoAnywhere MFT
Fortra urges users to patch immediately; no confirmed in-the-wild exploitation yet
Vulnerability may allow command injection if systems are exposed to the internet

A critical-severity vulnerability was recently discovered in Fortra’s GoAnywhere MFT, with users urged to apply the fix as soon as possible.

GoAnywhere MFT is a tool that helps businesses send and receive files securely, designed to protect data during transfers, automate file-sharing tasks, and work with both cloud and on-prem systems.
In early 2023, the Cl0p ransomware group found a zero-day in the tool, and used it to attack more than 130 companies, including big names like Procter & Gamble and Hitachi Energy. Although Fortra quickly released a patch, many companies didn’t update in time, which allowed Cl0p to steal sensitive data such as personal and business information, and then use it to extort the victims for money.


Upgrading the software
This time around, there is no word of in-the-wild abuse, but Fortra did say that it discovered the bug “during a security check”.

The flaw is described as a deserialization vulnerability in the License Servlet of Fortra’s GoAnywhere MFT, allowing threat actors with a validly forged license response signature to deserialize an arbitrary actor-controlled object, “possibly leading to command injection.”
The bug is now tracked as CVE-2025-10035, and has a severity score of 10/10 (critical). It was fixed in GoAnywhere MFT 7.8.4 and Sustain Release 7.6.3, and users are advised to upgrade their software to the newest versions as soon as possible.
“Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet,” Fortra stressed.

Besides patching the flaw, GoAnywhere MFT users are also advised to monitor their Admin Audit logs for suspicious activity, and the log files for errors containing SignedObject.getObject: “If this string is present in an exception stack trace (similar to the following), then the instance was likely affected by this vulnerability.”
More details, as well as IoCs, can be found on this link.
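
The log check described above, as an added example (not Fortra's or TechRadar's code): it groups stack-trace lines with the log entry they belong to and flags only entries whose trace contains SignedObject.getObject. The timestamp-prefixed log layout, the sample lines and the placeholder class names are assumptions constructed for illustration.

```python
import re
import sys
from dataclasses import dataclass

INDICATOR = "SignedObject.getObject"   # string named in the vendor guidance
# Assumption: every log entry starts with a timestamp; stack-trace lines do not.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")

@dataclass
class Hit:
    line_no: int   # line where the owning log entry starts
    header: str    # first line of that entry
    frame: str     # stack frame that contains the indicator

def find_hits(lines):
    """Return one Hit per log entry whose stack trace contains INDICATOR."""
    hits, entry_no, header, reported = [], 0, "<no entry header>", False
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if ENTRY_START.match(line):
            entry_no, header, reported = no, line, False
            continue
        frame = line.strip()
        # Only stack frames count; a message that merely mentions the string does not.
        if frame.startswith("at ") and INDICATOR in frame and not reported:
            hits.append(Hit(entry_no, header, frame))
            reported = True
    return hits

# Constructed sample log (not real GoAnywhere output; class names are placeholders).
SAMPLE = """\
2025-09-20 10:14:02 INFO  Admin user 'ops' logged in
2025-09-20 10:15:41 ERROR Error parsing license response
java.lang.RuntimeException: placeholder message
\tat com.example.placeholder.Helper.run(Helper.java:10)
\tat java.base/java.security.SignedObject.getObject(Unknown Source)
\tat com.example.placeholder.LicenseCheck.verify(LicenseCheck.java:42)
2025-09-20 10:16:00 INFO  Analyst note: searched logs for SignedObject.getObject
2025-09-20 10:17:12 ERROR Transfer failed
java.io.IOException: connection reset
\tat com.example.placeholder.Transfer.send(Transfer.java:77)
""".splitlines()

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for h in find_hits(source):
        print(f"entry at line {h.line_no}: {h.header}\n    {h.frame}")
```

Run it with a log file path as the only argument; without one it scans the constructed sample.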
Via BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
