NG Solution Team
Technology

Is a critical zero-day vulnerability in GoAnywhere MFT enabling ransomware attacks?

A severe vulnerability has been discovered in Fortra’s GoAnywhere Managed File Transfer (MFT) software, causing major concern among enterprise IT departments. This zero-day flaw, rated a perfect 10 on the CVSS scale, allows hackers to inject commands without authentication, posing risks of data breaches and ransomware attacks. The issue lies in the software’s License Servlet, enabling remote code execution. Known as CVE-2025-10035, the vulnerability was disclosed in a Fortra advisory, which urged immediate updates to version 7.8.4 or later. Hackers reportedly began exploiting the flaw at least eight days before a patch was available, creating backdoor admin accounts for ongoing access. Despite efforts to mitigate the issue, many GoAnywhere instances remain vulnerable online, exposing them to potential attacks.

Cybersecurity firm watchTowr Labs has provided evidence of these attacks, revealing that hackers exploited the flaw through the license-checking mechanism. This incident is reminiscent of a 2023 zero-day vulnerability, CVE-2023-0669, used by ransomware groups to compromise data. Fortra has recommended limiting access to the Admin Console to internal networks or trusted IPs, but the ease of exploitation means many systems could already be compromised. Experts warn of significant financial and reputational risks if swift action is not taken.

The attacks highlight a recurring problem in managed file transfer tools, where components like license servlets become entry points for sophisticated intrusions. GoAnywhere MFT is widely used for secure data exchanges in critical sectors, and a breach could expose vast amounts of sensitive information. The zero-day was used to gain unauthorized admin privileges, allowing attackers deeper network access, a tactic seen in advanced persistent threats.

IT professionals are advised to scan for vulnerabilities using tools from Qualys or Rapid7 and to update to the latest software version. Additional protections such as web application firewalls and network segmentation are recommended. Fortra has also stressed monitoring for unusual admin account activity. With over 20,000 systems potentially vulnerable, immediate audits and isolation of MFT services are crucial until patches are applied.
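The three checks recommended above (patch level, Admin Console exposure, unexpected admin accounts) can be combined into one triage pass over an asset inventory. The following is an added example, not code from Fortra or from this article; the inventory schema, host names, networks and account names are constructed for illustration, and only the fixed version 7.8.4 comes from the text.

```python
import ipaddress
import re

FIXED_VERSION = (7, 8, 4)  # "version 7.8.4 or later", as stated in the article

def parse_version(text):
    """Turn '7.8.3' or '7.8.4-build2' into a comparable 3-tuple."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def untrusted_sources(allowed_cidrs, trusted_cidrs):
    """Return Admin Console allow rules not contained in any trusted network."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    bad = []
    for cidr in allowed_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            bad.append(cidr)
    return bad

def triage(host, trusted_cidrs, approved_admins):
    """Return findings for one inventory record (hypothetical schema)."""
    findings = []
    if parse_version(host["version"]) < FIXED_VERSION:
        findings.append("unpatched: %s < 7.8.4" % host["version"])
    for cidr in untrusted_sources(host["admin_console_allow"], trusted_cidrs):
        findings.append("admin console reachable from %s" % cidr)
    # Checked even on patched hosts: an account created before patching survives the upgrade.
    for user in sorted(set(host["admin_users"]) - set(approved_admins)):
        findings.append("unapproved admin account: %s" % user)
    return findings

# Constructed sample data, not taken from any real environment.
TRUSTED = ["10.0.0.0/8", "192.168.50.0/24"]
APPROVED = {"mft-admin", "ops-oncall"}
INVENTORY = [
    {"name": "mft-prod-01", "version": "7.8.3",
     "admin_console_allow": ["0.0.0.0/0"],
     "admin_users": ["mft-admin", "svc-helper9"]},
    {"name": "mft-dr-01", "version": "7.8.4",
     "admin_console_allow": ["10.20.0.0/16"],
     "admin_users": ["mft-admin"]},
]

def run():
    return {h["name"]: triage(h, TRUSTED, APPROVED) for h in INVENTORY}

if __name__ == "__main__":
    for name, findings in run().items():
        print(name, "->", findings or "no findings")
```

A host with no findings here is only cleared of these three conditions; it still needs the forensic review the article calls for if it was exposed before patching.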

The incident echoes previous exploits that led to significant data leaks, and experts warn of potential escalation by nation-state actors or ransomware affiliates. This event underscores the need for real-time threat intelligence and zero-trust architectures to combat such zero-day threats. As patches are implemented, attention must turn to forensic analysis to ensure no hidden backdoors remain in networks.
