Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

      July 16, 2026

      Record Industry Pushes for AI Labels on Streaming Music

      July 15, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026
      • AI

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Record Industry Pushes for AI Labels on Streaming Music

        July 15, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Anthropic Doubles Down on New York as AI Talent War Intensifies

        July 15, 2026
      • Security

        China’s AI Distillation Campaign Raises New Concerns Over U.S. Technology Security

        July 13, 2026

        AI Tools Increasingly Exploited by Terrorist Organizations, New Research Finds

        July 13, 2026

        Pentagon Expands Engineering Recruitment to Restore America’s Military Technology Edge

        July 13, 2026

        EU Lawmakers Advance Controversial Private Message Scanning Measure Despite Mounting Privacy Concerns

        July 12, 2026

        Scramble Intensifies to Secure America Against Emerging AI National Security Threats

        July 12, 2026
      • Health

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • Science

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Scientists Advance “StormWall” Concept to Defend Earth from Catastrophic Solar Storms

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026
      • Tech

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026

        Palo Alto Networks CEO Warns AI Costs Must Plunge Before Enterprise Adoption Can Accelerate

        July 14, 2026

        DeepMind Unionization Effort Encounters Early Resistance as Labor Talks Stall

        July 11, 2026

        Always-On Workplace Culture Pushes Employees Toward the Breaking Point

        July 10, 2026

        High-Income Families Embrace AI-Driven Schools as Alternative Education Expands

        July 9, 2026
      TallwireTallwire
      Home»Tech»Critical GoAnywhere MFT Flaw Actively Exploited — Agencies Ordered to Patch
      Tech

      Critical GoAnywhere MFT Flaw Actively Exploited — Agencies Ordered to Patch

      Updated:February 21, 20264 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      Critical GoAnywhere MFT Flaw Actively Exploited — Agencies Ordered to Patch
      Critical GoAnywhere MFT Flaw Actively Exploited — Agencies Ordered to Patch
      Share
      Facebook Twitter LinkedIn Pinterest Email

      A newly disclosed vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT), tracked as CVE-2025-10035, has rapidly escalated into a serious security incident: the flaw is a deserialization bug in the License Servlet allowing command injection via a forged license response signature, and security researchers report credible evidence that it was exploited in the wild as early as September 10, 2025 — eight days before public disclosure. Microsoft‘s security team attributes ongoing attacks to a known threat actor group, Storm-1175, which has leveraged the vulnerability in multiple stages including remote monitoring tool deployment, lateral movement, and ransomware installation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-10035 to its Known Exploited Vulnerabilities (KEV) list and ordered federal civilian agencies to remediate the flaw by October 20, 2025. Users of GoAnywhere MFT are urged to immediately patch to versions 7.8.4 (or 7.6.3 for sustain release) and isolate the Admin Console from public network exposure.

      Sources: Microsoft, CISA.gov

      Key Takeaways

      – CVE-2025-10035 is a critical, unauthenticated deserialization vulnerability in the GoAnywhere License Servlet, rated CVSS 10.0, which enables remote code execution via a forged license response signature.

      – Evidence suggests the vulnerability was being actively exploited well before the public patch release, and a known ransomware-capable threat group (Storm-1175) is tied to real attacks leveraging it.

      – Because the exploit depends on Admin Console exposure, immediate mitigation steps include patching to GoAnywhere MFT 7.8.4 or sustain release 7.6.3, removing public access to the administration interface, and monitoring for suspicious “SignedObject.getObject” log entries.

      In-Depth

      This incident underscores once again how enterprise file transfer software can become a prime target for attackers, especially when flaws allow unauthenticated access to critical internal mechanisms. The root of the problem lies in GoAnywhere’s License Servlet, which, in vulnerable versions (pre-7.8.4 or pre-7.6.3 sustain), fails to sufficiently validate serialized data. If an attacker can forge a license response signature, they can cause the system to deserialize attacker-controlled objects, leading to arbitrary code execution deep inside the server environment.

      What intensifies the severity here is that exploitation does not require prior authentication; an attacker merely needs network access to the vulnerable endpoint. That means that any Admin Console or License interface exposed to the internet becomes a direct attack vector. Security firms — in particular watchTowr — assert they have credible evidence of exploitation dating back to September 10, 2025, which predates the public advisory on September 18. This timeline suggests that attackers leveraged zero-day capabilities before most defenders had awareness or time to respond.

      Microsoft’s reporting ties the exploitation to Storm-1175, a group already known for deploying the Medusa ransomware family. In observed campaigns, the attackers exploited CVE-2025-10035 for initial access, dropped remote monitoring/management (RMM) tools like SimpleHelp and MeshAgent, planted web shells (.jsp files), used internal discovery (e.g. netscan) and lateral movement (mstsc.exe), and set up command-and-control infrastructure (sometimes via Cloudflare tunnels). The final payload in at least one observed environment was Medusa ransomware.

      Given the confirmed exploitation and the critical nature of this flaw, U.S. federal agencies were mandated to patch by October 20 via CISA’s binding directive, and the CVE has now been listed in the KEV catalog. But this isn’t just a U.S. government issue — any organization using GoAnywhere MFT faces serious risk if their Admin Console is exposed or their instances are unpatched.

      For defenders, patching is the first priority. But for systems that can’t be updated immediately, the workaround is to entirely restrict public access to the Admin / License endpoints — e.g., placing them behind VPN/NAT, firewall rules, or segmentation. Log monitoring is also essential: look for license validation activity, deserialization errors involving “SignedObject.getObject,” or the use of RMM tools in odd contexts. Threat hunting hammering on indicators tied to Storm-1175’s known toolset and tactics is warranted.

      In the broader picture, this flaw mirrors earlier exploits of managed file transfer platforms (such as MOVEit, Accellion, or earlier GoAnywhere vulnerabilities), reinforcing a pattern: systems designed to move sensitive data between systems (often under the assumption of internal trust) become high-value targets when a single flaw unlocks administrative power. Organizations must maintain defense in depth: network exposure controls, aggressive patch cycles, layered monitoring, and incident readiness. In this case, the margin for delay is slim — the evidence suggests attacks are already underway, making urgent remediation not just best practice, but imperative.

      Ransomware
      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticleCrimson Collective Claims Nintendo Breach Amid Broader Red Hat Hack Fallout
      Next Article Critical Password Reset Flaw in TheTruthSpy Spyware Exposes Victims to Hijacking

      Related Posts

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Popular Topics
      Sundar Pichai Satya Nadella trending Tesla Cybertruck Satellite Software Tesla Startup SpaceX Taiwan Tech Samsung Stocks Series A UAE Tech Tim Cook Series B Viral spotlight Space starlink
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.