- CVE-2025-10035 is a critical deserialization flaw in GoAnywhere MFT
- Fortra urges users to patch immediately; no confirmed exploitation in the wild yet
- Vulnerability can enable command injection if systems are exposed to the Internet
A critical-severity vulnerability was recently discovered in Fortra’s GoAnywhere MFT, and users are urged to apply the fix as soon as possible.
GoAnywhere MFT is a tool that helps companies send and receive files securely. It is designed to protect data in transit, automate file-sharing tasks and work in both cloud and on-prem environments.
In early 2023, the CL0P ransomware group found a zero-day in the tool and used it to attack more than 130 companies, including big names such as Procter & Gamble and Hitachi Energy. Although Fortra quickly released a patch, many companies did not update in time, enabling CL0P to steal sensitive data such as personal and business information and then use it to pressure the victims for money.
Upgrading of the software
This time there is no word of abuse in the wild, but Fortra said it discovered the flaw “during a security check”.
The flaw is described as a deserialization vulnerability in the License Servlet of Fortra’s GoAnywhere MFT, which allows a threat actor with a validly forged license response to deserialize an arbitrary actor-controlled object, “possibly leading to command injection.”
The flaw is now tracked as CVE-2025-10035 and has a severity score of 10/10 (critical). It was fixed in GoAnywhere MFT 7.8.4 and Sustain Release 7.6.3, and users are advised to upgrade their software to the latest versions as soon as possible.
“Utilization of this vulnerability is very dependent on systems being exposed externally to the Internet,” Fortra emphasized.
In addition to patching, GoAnywhere MFT users are also advised to monitor their Admin Audit logs for suspicious activity, and the log files for errors containing SignedObject.getObject: “If this string is present in an exception stack trace (similar to the following), the instance was probably affected by this vulnerability.”
More details as well as IOCs can be found at this link.
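The log check described above can be scripted. The following is an added example, not code from Fortra or from this article: it groups log lines into entries and flags only those whose Java stack trace contains a `java.security.SignedObject.getObject` frame, ignoring plain mentions of the string. The timestamp layout, the placeholder class names and the sample log are assumptions constructed for illustration.

```python
import re

# Assumption: each log entry starts with an ISO-style timestamp; continuation
# lines (exception header, stack frames) do not. Adjust to your log layout.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")
# A Java stack frame: optional "module/" prefix, then the fully qualified method.
FRAME = re.compile(r"^\s+at\s+(?:[\w.@]+/)?([\w.$<>]+)\(")
INDICATOR = "java.security.SignedObject.getObject"


def split_entries(lines):
    """Group raw lines into entries: a timestamped line plus its continuation lines."""
    entry = []
    for line in lines:
        if ENTRY_START.match(line) and entry:
            yield entry
            entry = []
        entry.append(line.rstrip("\n"))
    if entry:
        yield entry


def find_suspect_entries(lines):
    """Return (first_line, frame_index) for entries whose stack trace hits the indicator."""
    hits = []
    for entry in split_entries(lines):
        frames = [m.group(1) for m in map(FRAME.match, entry[1:]) if m]
        if INDICATOR in frames:
            hits.append((entry[0], frames.index(INDICATOR)))
    return hits


# Constructed sample log (not real GoAnywhere output; class names are placeholders).
SAMPLE_LOG = """\
2025-09-20 10:15:02 ERROR [http-1] License request failed
java.io.InvalidClassException: filter status: REJECTED
\tat java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1412)
\tat java.base/java.security.SignedObject.getObject(SignedObject.java:181)
\tat com.example.license.ResponseHandler.parse(ResponseHandler.java:57)
2025-09-20 10:16:40 INFO [http-2] Note: docs mention SignedObject.getObject here
2025-09-20 10:17:11 ERROR [http-3] Transfer failed
java.net.SocketTimeoutException: Read timed out
\tat java.base/java.net.SocketInputStream.read(SocketInputStream.java:166)
""".splitlines()

if __name__ == "__main__":
    for first_line, depth in find_suspect_entries(SAMPLE_LOG):
        print(f"REVIEW: {first_line} (indicator at frame {depth})")
```

To scan a real file, pass the open file object to `find_suspect_entries` after adapting `ENTRY_START` to the product's actual timestamp format.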
Via BleepingComputer



