Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

Intel Name: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

Date of Scan: October 8, 2025

Impact: High

Summary:
On September 18, 2025, a critical vulnerability (CVE-2025-10035, CVSS 10.0) was disclosed in GoAnywhere MFT’s License Servlet, affecting versions up to 7.8.3. The flaw allows attackers to bypass signature verification and deserialize arbitrary objects, potentially leading to command injection and remote code execution. Microsoft identified the threat group Storm-1175, which is known for deploying Medusa ransomware, exploiting this vulnerability. The attack requires a forged license response, but it can be carried out without authentication if that response is crafted or intercepted successfully. This makes the vulnerability especially dangerous for publicly exposed systems.
