On 18 September 2025, Fortra released a patch addressing a critical vulnerability in GoAnywhere Managed File Transfer (MFT), tracked as CVE-2025-10035. The vulnerability stems from a deserialisation flaw in the License Servlet of GoAnywhere MFT, allowing a remote threat actor with a valid forged license response signature to deserialise an arbitrary, threat-actor-controlled object and potentially achieve command injection.
Arctic Wolf has not observed exploitation of CVE-2025-10035 and is not aware of any publicly available proof-of-concept exploit at this time. GoAnywhere MFT solutions remain highly attractive targets for threat actors due to their role in sensitive file transfers. In 2023, the Cl0p ransomware group targeted GoAnywhere MFT via CVE-2023-0669, resulting in data exfiltration from numerous victims.
Recommendations for CVE-2025-10035
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
| Fortra GoAnywhere MFT | Versions prior to 7.8.4 or 7.6.3 | 7.8.4 (latest release) or 7.6.3 (sustain release) |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
Remove GoAnywhere MFT from Public Internet Exposure
Fortra recommends ensuring that access to the GoAnywhere Admin Console is not publicly accessible from the internet. Exploitation of CVE-2025-10035 and other potential future GoAnywhere MFT vulnerabilities are highly dependent on systems being publicly accessible from the internet.
References
Resources
Understand the threat landscape with our annual review highlighting cyber threats with the 2025 Security Operations Report.
See how Arctic Wolf utilises threat intelligence to harden your attack surface and stop threats earlier and faster.
