CVE-2025-10035 is a critical deserialization vulnerability in Fortra GoAnywhere MFT's License Servlet that allows unauthenticated remote code execution. This vulnerability has been actively exploited as a zero-day and affects internet-facing managed file transfer servers.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-09-18
Added to CISA KEV: 2025-09-29 (11 days between CVE and KEV)
Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet. (CVE-2025-10035) Successful exploitation of this vulnerability could allow an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
In 2023, the Cl0p ransomware group targeted GoAnywhere MFT via CVE-2023-0669, resulting in data exfiltration from numerous victims.
The vulnerability tracked as CVE-2025-10035 allows an unauthenticated attacker to remotely execute some code on the system through the ...
A critical deserialization vulnerability (CVE-2025-10035) was discovered in Fortra's GoAnywhere MFT's License Servlet on September 18, 2025.
September 19, 2025. CVE-2025-10035: Maximum-Severity Command Injection Vulnerability in Fortra GoAnywhere MFT. External vulnerability scans look at your network from the threat actor's perspective. They scan external IP addresses and domains, probing for vulnerabilities in internet-facing infrastructure to determine which ones can be exploited.