What is the story about?
What's Happening?
A critical vulnerability in Fortra's GoAnywhere MFT software was exploited as a zero-day, according to cybersecurity firm watchTowr. The flaw, identified as CVE-2025-10035, allows attackers to perform remote code execution without authentication by exploiting a deserialization vulnerability in the software's license servlet. This vulnerability was actively exploited before Fortra released patches on September 18, 2025. Hackers used the flaw to create backdoor admin accounts and gain unauthorized access to the MFT service, affecting over 20,000 instances, including those of Fortune 500 companies. Rapid7's analysis revealed that the vulnerability is part of a chain of three bugs, including an access control bypass known since 2023.
Why It's Important?
The exploitation of this vulnerability highlights the ongoing challenges in cybersecurity, particularly in protecting sensitive data and systems from sophisticated attacks. The fact that Fortune 500 companies are among those affected underscores the potential for significant data breaches and operational disruptions. Organizations relying on GoAnywhere MFT must urgently assess their exposure and implement security measures to mitigate risks. The incident also raises concerns about the timeliness of security patches and the need for proactive vulnerability management to prevent similar occurrences.
What's Next?
Organizations using GoAnywhere MFT are advised to ensure their systems are not publicly accessible and to apply the latest patches immediately. Cybersecurity firms like watchTowr and Rapid7 continue to investigate the vulnerability's exploitation methods, particularly the unknown private key 'serverkey1' required for successful attacks. Companies may need to consider additional security measures, such as network segmentation and enhanced monitoring, to protect against future threats. The incident may prompt broader discussions on improving software security practices and response times to vulnerabilities.
AI Generated Content