Posts

Showing posts with the label #CyberDudeBivash #CVE202510035 #GoAnywhere #Fortra #MFT #RCE #Deserialization #CommandInjection #PatchNow #ThreatIntel #Infosec

CVE-2025-10035 — Fortra GoAnywhere MFT (CVSS 10.0) Deserialization in License Servlet → Remote Command Injection Vulnerability Analysis Report — By CyberDudeBivash
Author: CyberDudeBivash · Powered by: CyberDudeBivash

Executive summary

A maximum-severity (CVSS 10.0) vulnerability, CVE-2025-10035, affects Fortra GoAnywhere Managed File Transfer (MFT). A flaw in the License Servlet allows an attacker who can provide a validly forged license response signature to trigger unsafe deserialization, which can lead to remote command injection and full system compromise. Patches are available (7.8.4 latest / 7.6.3 sustain). Internet-exposed Admin Consoles face the highest risk and should be immediately restricted and updated. (Fortra)

What’s vulnerable & impact

Component: GoAnywhere MFT License Servlet (admin side).

Bug class: Deserialization of untrusted data → command injection (CWE-502, CWE-77).

Pre-auth? Exploitation is over the network without user interaction or prior auth, provided the attacker can craft a license response with a valid forged signature. Exposure is far worse when the Admin Console is public-facing. (Fortra, Rapid7)

Business risk: RCE on an...