Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      Starbucks’s AI Shift Signals Growing Revolt Against Legacy Enterprise Software

      July 16, 2026

      Aviation Industry Seeks to Rebrand “Drones” as Consumer and Passenger Flight Technologies

      July 16, 2026

      Wearable Technology Firms Race to Own User Data as AI Ecosystem Battle Intensifies

      July 16, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        Aviation Industry Seeks to Rebrand “Drones” as Consumer and Passenger Flight Technologies

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • AI

        Starbucks’s AI Shift Signals Growing Revolt Against Legacy Enterprise Software

        July 16, 2026

        New AI Safety Proposal Calls for U.S.-China Pause on Frontier AI Development

        July 16, 2026

        Wearable Technology Firms Race to Own User Data as AI Ecosystem Battle Intensifies

        July 16, 2026

        Washington’s Intel Gamble Begins Delivering Strategic Results

        July 16, 2026

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026
      • Security

        New AI Safety Proposal Calls for U.S.-China Pause on Frontier AI Development

        July 16, 2026

        Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

        July 16, 2026

        China’s AI Distillation Campaign Raises New Concerns Over U.S. Technology Security

        July 13, 2026

        AI Tools Increasingly Exploited by Terrorist Organizations, New Research Finds

        July 13, 2026

        Pentagon Expands Engineering Recruitment to Restore America’s Military Technology Edge

        July 13, 2026
      • Health

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • Science

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Scientists Advance “StormWall” Concept to Defend Earth from Catastrophic Solar Storms

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026
      • Tech

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026

        Palo Alto Networks CEO Warns AI Costs Must Plunge Before Enterprise Adoption Can Accelerate

        July 14, 2026

        DeepMind Unionization Effort Encounters Early Resistance as Labor Talks Stall

        July 11, 2026

        Always-On Workplace Culture Pushes Employees Toward the Breaking Point

        July 10, 2026

        High-Income Families Embrace AI-Driven Schools as Alternative Education Expands

        July 9, 2026
      TallwireTallwire
      Home»Tech»Evidence Surfaces of Active Exploitation in GoAnywhere MFT’s Critical Flaw Before Patch Rollout
      Tech

      Evidence Surfaces of Active Exploitation in GoAnywhere MFT’s Critical Flaw Before Patch Rollout

      Updated:December 25, 20254 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      Evidence Surfaces of Active Exploitation in GoAnywhere MFT’s Critical Flaw Before Patch Rollout
      Evidence Surfaces of Active Exploitation in GoAnywhere MFT’s Critical Flaw Before Patch Rollout
      Share
      Facebook Twitter LinkedIn Pinterest Email

      A vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) system, tracked as CVE-2025-10035, has been confirmed as actively exploited in the wild even before its public disclosure, based on analysis by security firm watchTowr and corroborated by media outlets. This flaw, residing in the License Servlet, stems from unsafe deserialization and enables attackers holding a forged license response signature to execute arbitrary commands without authentication. Evidence indicates that exploitation dates back to September 10, eight days ahead of the vendor’s advisory on September 18. The attack chain reportedly involves creation of a backdoor admin account (named “admin-go”), deployment of secondary payloads, and misuse of a remote support binary for persistent control. Remediation is available via updates to GoAnywhere MFT version 7.8.4 or Sustain Release 7.6.3, and administrators are urged to restrict Internet exposure of the Admin Console and hunt for indicators like stack traces referencing SignedObject.getObject.

      Sources: Bleeping Computer, HelpNet Security, Rapid 7

      Key Takeaways

      – The GoAnywhere MFT flaw CVE-2025-10035 is rated at the highest severity (CVSS 10.0) and permits unauthenticated remote command execution via a deserialization vulnerability in its License Servlet.

      – Evidence from security researchers indicates that the vulnerability was exploited in real-world attacks starting before the patch was publicly disclosed, creating a gap period of elevated risk.

      – Organizations using GoAnywhere should upgrade immediately to the fixed versions (7.8.4 or 7.6.3), disable public exposure of the Admin Console, and scan logs for signs of compromise—especially references to SignedObject.getObject.

      In-Depth

      GoAnywhere MFT is widely used in enterprises to automate and secure file exchanges. Because it handles sensitive data and communicates with external systems, it’s a compelling target for attackers. The recently disclosed vulnerability, CVE-2025-10035, is especially dangerous: it resides in the License Servlet component, which handles responses related to licensing activities. In insecure implementations, an attacker can submit a crafted “license response” payload, forcing the system to deserialize attacker-controlled data—leading to a command injection if conditions align.

      What makes this attack even more chilling is that it doesn’t require prior authentication. If the attacker can supply a forged license signature (possibly via having or deducing a private-key or by abusing flaws in the flow), they can trigger execution of malicious code. Once inside, attackers may create new administrative accounts—witness the observed “admin-go” account—spin up web users, and upload implants. In one reported case, they used a legitimate remote access tool (SimpleHelp) to maintain persistence and control.

      The timeline is critical. WatchTowr reports that the exploit began September 10, whereas the vendor’s public advisory arrived September 18. That eight-day window provided attackers a head start to compromise vulnerable systems before defenders were even aware of the risk. This gap underscores an essential truth in security: patching is urgent, but detection and preemptive defense are equally vital.

      On the remediation front, Fortra has published a patch and advisory (FI-2025-012) recommending upgrade to version 7.8.4 or, for those on the “Sustain” line, 7.6.3. They also advise that the Admin Console should not be exposed to the public internet and that defenders review logs for stack traces notably containing SignedObject.getObject—a telltale sign of exploitation. Meanwhile, independent analysis (e.g. by Rapid7) suggests the issue is not just a simple deserialization flaw, but part of a chain involving an access-control bypass (dating to prior years) and a mechanism by which attackers might obtain or trick the system into using the necessary private key to validate forged payloads.

      For organizations using GoAnywhere MFT, the key steps should be as follows:

      1. Immediately patch to 7.8.4 or 7.6.3.

      2. Disable or firewall off public access to administrative or licensing endpoints.

      3. Hunt for signs of compromise—especially weird license POSTs, creation of backdoor accounts, anomalous traffic, or logs referencing SignedObject.getObject.

      4. Assume compromise is possible during the window before patch deployment, and conduct a full security audit or incident response as needed.

      This event is a stark reminder that even mature, enterprise tools remain vulnerable—and that threat actors frequently gain the upper hand by acting during the period between private discovery and public patching. Vigilance, rapid response, and layered defenses remain essential guards against such risks.

      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticleEverlasting Storage? DNA ‘Cassette Tape’ Could Hold 80 Million DVDs — If We Had the Time
      Next Article EvilAI Malware Masquerades as Legitimate AI Tools to Compromise Organizations

      Related Posts

      Aviation Industry Seeks to Rebrand “Drones” as Consumer and Passenger Flight Technologies

      July 16, 2026

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      Aviation Industry Seeks to Rebrand “Drones” as Consumer and Passenger Flight Technologies

      July 16, 2026

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026
      Popular Topics
      Tim Cook Viral spotlight Satya Nadella Tesla Cybertruck Sundar Pichai Series A Series B Space Startup Software Stocks Samsung Taiwan Tech Satellite UAE Tech starlink trending Tesla SpaceX
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.