CVE-2025-10035

Critical KEV CVSS: 10.0

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Vendor

Fortra

Product

Goanywhere Managed File Transfer

CWE

CWE-77

Yayın Tarihi

2025-09-18 22:15:41

Güncelleme

2025-10-24 13:44:10

Source Identifier

df4dee71-de3a-4139-9588-11b62fe6c0ff

KEV Date Added

2025-09-29

Kategoriler

CWE-77 Goanywhere Managed File Transfer CRITICAL Fortra 2025

Referanslar

https://www.fortra.com/security/advisories/product-security/fi-2025-012 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10035

Benzer Kayıtlar

Medium

CVE-2025-8148

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with a…

Medium

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an a…

Low

CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error…