According to The Cyber Express, Fortra has addressed a critical vulnerability in its GoAnywhere Managed File Transfer (MFT) software, urging users to promptly apply the patch due to the high risk of exploitation by threat actors.

The recently fixed vulnerability, CVE-2025-10035, rated 10.0 in severity, exposed a deserialization flaw in GoAnywhere MFT's License Servlet, potentially enabling command injection. Fortra emphasized the importance of upgrading to the latest patched versions, 7.8.4 or 7.6.3, to mitigate the risk. The company also advised restricting public access to the GoAnywhere Admin Console to prevent exploitation, as threat actors have a history of targeting MFT vulnerabilities.

The exploitation potential of MFT vulnerabilities is exemplified by past incidents involving ransomware groups like CL0P. With the threat landscape evolving, organizations using GoAnywhere MFT are strongly advised to apply the patch promptly and enhance security measures to safeguard against potential attacks.