CVE-2025-10035 – Critical unauthenticated RCE in GoAnywhere MFT


On September 18, 2025, Fortra published an advisory for CVE-2025-10035. This new vulnerability affects GoAnywhere MFT, an enterprise managed file transfer solution, and allows an attacker to achieve unauthenticated remote code execution. GoAnywhere MFT is a file transfer solution that has been exploited in-the-wild in the past.

In 2023, CVE-2023-0669 was exploited in-the-wild as a zero-day, and that vulnerability is known to have been used by ransomware groups. Currently there is no known public exploit code available for the new vulnerability, CVE-2025-10035, and the vendor has not reported CVE-2025-10035 as having been exploited in-the-wild. However, given the nature and history of this product, this new vulnerability should be treated as a significant threat.

Read more…
Source: Rapid7


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Hackers are exploiting a new Fortinet firewall bug to breach company networks

    January 14, 2025

    Security researchers say malicious hackers have been exploiting a newly discovered vulnerability in Fortinet firewalls to break into corporate and enterprise networks. In an advisory published Tuesday, security product maker Fortinet confirmed that a critical-rated vulnerability in its FortiGate firewalls, tracked as CVE-2024-55591, is “being exploited in the wild.” Fortinet made patches available, but security researchers ...

  • Patch Tuesday – January 2025

    January 14, 2025

    Microsoft is addressing 161 vulnerabilities this January 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for eight of the vulnerabilities published today, with three listed on CISA KEV. This is now the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity ...

  • Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

    January 13, 2025

    Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third party kernel extensions. SIP is a security technology that restricts the performance of operations that may compromise system integrity; thus, a SIP bypass affects the overall security of the operating system. Bypassing ...

  • Nominet confirms cybersecurity incident linked to Ivanti VPN hacks

    January 13, 2025

    Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability. In an email to customers, seen by TechCrunch, Nominet warned of an “ongoing security incident” under investigation. Nominet said hackers accessed its systems via “third-party VPN software ...

  • Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

    January 11, 2025

    Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of our investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day ...

  • Active Exploitation of Zero-Day Vulnerability in Ivanti Connect Secure

    January 9, 2025

    CVE-2025-0282 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 9.0. If exploited, a remote unauthenticated attacker could execute arbitrary code (ACE). CVE-2025-0283 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 7.0. If exploited, a local authenticated attacker could escalate their privileges. Affected organisations must review the Ivanti Security Advisory and ...