Fortra investigated CVE-2025-10035, a critical deserialization vulnerability in GoAnywhere Managed File Transfer, exploited since September 11, 2025. The vulnerability, allowing command injection without authentication, was patched on September 12, with full releases on September 15. While the vulnerability is limited to exposed admin consoles, unauthorized activity has been reported.
Edward Kiledjian
@ekiledjian