Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)
12 hours ago
- #vulnerability
- #Fortra
- #cybersecurity
- CVE-2025-10035 is a critical vulnerability (CVSS 10.0) in Fortra's GoAnywhere MFT, a managed file transfer solution.
- The vulnerability involves a deserialization flaw in the License Servlet, potentially allowing pre-authentication command injection.
- Exploitation requires bypassing a license request token validation, which can be achieved unauthenticated under certain conditions.
- The vulnerability shares similarities with CVE-2023-0669, previously exploited by the cl0p ransomware gang.
- Fortra's advisory suggests checking logs for 'SignedObject.getObject' in exception traces as an indicator of compromise.
- The patch for the vulnerability hardens the deserialization routine but leaves the signature verification logic unchanged.
- A detection artifact is provided to identify unpatched systems by checking for a license request token in the response to a specific HTTP request.
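The log check described in the advisory bullet above, as an added example that is not part of the original post or of Fortra's tooling: it groups a log into timestamped entries with their stack-trace continuation lines and reports each entry whose trace contains `SignedObject.getObject`. The log layout, the sample lines and the non-JDK class names are constructed assumptions, not GoAnywhere's real format.

```python
import re
from dataclasses import dataclass

# Indicator named in Fortra's advisory: the method that shows up in exception stack traces.
INDICATOR = "SignedObject.getObject"

# Assumption: each log entry begins with a "YYYY-MM-DD HH:MM:SS" timestamp, and any
# following untimestamped lines (exception message, "at ..." frames) belong to it.
# This is a constructed layout for the example, not GoAnywhere's actual log format.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")


@dataclass
class Hit:
    entry_line: int   # 1-based line number of the timestamped entry header
    header: str       # the header line, for triage context (time, level, message)
    trace_line: str   # the line within the entry that contained the indicator


def split_entries(lines):
    """Group raw lines into entries: one header line plus its continuation lines."""
    entries = []
    for no, line in enumerate(lines, 1):
        if ENTRY_START.match(line) or not entries:
            entries.append([(no, line)])
        else:
            entries[-1].append((no, line))
    return entries


def find_indicator(log_text, indicator=INDICATOR):
    """Return one Hit per log entry (header plus trace) that mentions the indicator."""
    hits = []
    for entry in split_entries(log_text.splitlines()):
        head_no, head = entry[0]
        for _, line in entry:
            if indicator in line:
                hits.append(Hit(head_no, head.strip(), line.strip()))
                break  # one hit per entry is enough for triage
    return hits


# Constructed sample log; class names other than the JDK's are placeholders.
SAMPLE_LOG = """\
2025-09-18 10:12:03 INFO  Request received
2025-09-18 10:12:04 ERROR Unhandled exception in servlet
java.lang.RuntimeException: wrapped
\tat com.example.Handler.handle(Handler.java:42)
\tat java.security.SignedObject.getObject(SignedObject.java:180)
2025-09-18 10:13:00 INFO  Scheduled task completed
"""

if __name__ == "__main__":
    for h in find_indicator(SAMPLE_LOG):
        print(f"line {h.entry_line}: {h.header} -> {h.trace_line}")
```

A hit shows that the deserialization path raised an exception at the indicated point; the surrounding entries (request source, timing, what followed) still need review before treating it as confirmed compromise.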