Maximum severity flaw reported in Fortra's GoAnywhere MFT file transfer solution
Take action: If you're using Fortra GoAnywhere MFT file transfer software, THIS IS URGENT. First step - SHUT IT DOWN. Second step - isolate it from the internet. Then upgrade to version 7.8.4 or 7.6.3. This is a maximum severity flaw, and you will be hacked. If you can't patch right away, MAKE SURE your GoAnywhere Admin Console is not accessible from the internet.
Fortra is reporting a critical security vulnerability in its widely-used GoAnywhere Managed File Transfer (MFT) software that could enable attackers to execute arbitrary commands on vulnerable systems.
GoAnywhere MFT is an enterprise file transfer solution that enables organizations to exchange files between partners, employees, and internal systems using various protocols. Fortra's solution is used by over 3,000 organizations worldwide, including Fortune 500 businesses.
The vulnerability is tracked as CVE-2025-10035 (CVSS score 10.0). It is a deserialization vulnerability in the License Servlet component of GoAnywhere MFT that allows an attacker with a validly forged license response signature to deserialize arbitrary actor-controlled objects, leading to command injection.
Security experts have raised significant concerns about this vulnerability due to its similarity to CVE-2023-0669, a critical flaw in GoAnywhere MFT that was exploited as a zero-day vulnerability by multiple ransomware groups in 2023. The Cl0p ransomware gang used CVE-2023-0669 between January 18 and 31, 2023, claiming to have compromised over 130 organizations through their attacks on the file transfer platform.
Attackers who successfully exploit this vulnerability gain command injection on vulnerable systems, which lets them execute arbitrary code with the privileges of the GoAnywhere MFT application.
Security researchers from multiple organizations, including VulnCheck, watchTowr, and Arctic Wolf, have warned that exploitation of this vulnerability is likely imminent.
Fortra has not provided specific version ranges for affected installations, but strongly recommends that all customers upgrade immediately to one of the following:
- GoAnywhere MFT version 7.8.4 (latest release)
- GoAnywhere MFT version 7.6.3 (Sustain Release)
Organizations should immediately verify their current GoAnywhere MFT version and upgrade to one of the patched releases. The urgency of this update cannot be overstated given the maximum severity rating and the high probability of imminent exploitation attempts by threat actors.
For organizations that cannot immediately implement patches, Fortra strongly recommends ensuring that the GoAnywhere Admin Console is not publicly accessible from the internet.