- CVE-2025-10035 is a critical deserialization flaw in GoAnywhere MFT
- Fortra urges users to patch immediately; no exploitation in the wild confirmed yet
- The vulnerability can allow command injection if systems are exposed to the internet
A critical-severity vulnerability was recently discovered in Fortra GoAnywhere MFT, and users have been asked to apply the fix as soon as possible.
GoAnywhere MFT is a tool that helps companies send and receive files securely. It is designed to protect data during transfers, automate file-sharing tasks, and work with both cloud and on-premises systems.
At the beginning of 2023, the CL0P ransomware group found a zero-day in the tool and used it to attack more than 130 companies, including big names like Procter & Gamble and Hitachi Energy. Although Fortra quickly published a fix, many companies did not update in time, which enabled CL0P to steal sensitive data such as personal and commercial information, and then use it to extort the victims for money.
Software upgrade
This time, there is no word of abuse in the wild, but Fortra said it had discovered the bug “during a security check”.
The flaw is described as a deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT, allowing a threat actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, “possibly leading to command injection”.
The bug is now tracked as CVE-2025-10035 and has a severity score of 10/10 (critical). It was fixed in GoAnywhere MFT 7.8.4 and in Sustain Release 7.6.3, and users are urged to upgrade their software to the latest versions as soon as possible.
“Exploitation of this vulnerability depends strongly on systems being externally exposed to the internet,” said Fortra.
In addition to patching the flaw, GoAnywhere MFT users are also advised to monitor their Admin Audit logs for suspicious activity, and the log files for errors containing SignedObject.getObject: “If this string is present in an exception stack trace (similar to the following), then the instance was likely affected by this vulnerability.”
More details, as well as IOCs, can be found on this link.
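The log check Fortra describes can be automated. The sketch below is an added example, not code from Fortra or the original article: it groups log lines into entries and flags those where SignedObject.getObject appears together with a Java stack trace. The timestamp format, the function names and the sample log are constructed assumptions.

```python
import re
import sys

INDICATOR = "SignedObject.getObject"  # string named in Fortra's guidance
# Assumption: each log entry starts with a timestamp; continuation lines
# (exception message, stack frames, "Caused by:") do not.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")
TRACE_LINE = re.compile(r"^\s*(at\s+[\w.$<>]+\(|Caused by:|\.\.\. \d+ more)")

def split_entries(lines):
    """Group physical lines into logical entries (header + continuations)."""
    entry = []
    for line in lines:
        line = line.rstrip("\n")
        if ENTRY_START.match(line) and entry:
            yield entry
            entry = []
        if line.strip():
            entry.append(line)
    if entry:
        yield entry

def find_hits(lines):
    """Return entries where the indicator occurs inside a stack-trace entry."""
    hits = []
    for entry in split_entries(lines):
        has_trace = any(TRACE_LINE.match(l) for l in entry[1:])
        matched = [l.strip() for l in entry if INDICATOR in l]
        if matched and has_trace:
            hits.append({"header": entry[0], "matched": matched,
                         "lines": len(entry)})
    return hits

# Constructed sample log for illustration; not real GoAnywhere output.
SAMPLE = """\
2025-09-20 10:15:01 INFO  Transfer job finished
2025-09-20 10:15:07 ERROR Error processing license response
java.lang.RuntimeException: SignedObject.getObject: constructed message
\tat com.example.Placeholder.handle(Placeholder.java:1)
Caused by: java.io.IOException: constructed
\t... 3 more
2025-09-20 10:16:00 INFO  Note mentioning SignedObject.getObject, no trace
""".splitlines()

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a log file to scan
        with open(sys.argv[1], errors="replace") as fh:
            hits = find_hits(fh)
    else:
        hits = find_hits(SAMPLE)
    for hit in hits:
        print(hit["header"], "|", "; ".join(hit["matched"]))
```

Entries that mention the string without a stack trace are skipped, matching the wording of the guidance; drop the `has_trace` condition to review every mention.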
Via BleepingComputer