CVE-2025-10035

ENISA EUVD: EUVD-2025-30225 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 5 articles Published: 2025-09-18

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

59.34%

probability

This CVE has a 59.34% probability of being exploited in the next 30 days.

0% Top 98.3th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Affected Products

Fortra

GoAnywhere MFT

fortra

goanywhere managed file transfer

Fortra

GoAnywhere MFT

0 ≤7.8.3

Attack Intelligence

CWE-502 · Deserialization of Untrusted Data CWE-664 · Improper Control of a Resource Through its Lifetime CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77 · Command Injection CWE-913 · Improper Control of Dynamically-Managed Code Resources

Exploits & PoC

rxerium/CVE-2025-10035

Detection for CVE-2025-10035

19 2025-10-14

ThemeHackers/CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to

1 2025-09-26

orange0Mint/CVE-2025-10035_GoAnywhere

CVE-2025-10035_GoAnywhere Get RCE

0 2025-09-27

3 repos — triés par ⭐ Rechercher sur GitHub ↗

https://www.fortra.com/security/advisories/product-security/fi-2025-012

Signal Intelligence

Confidenceⓘ

95%

EPSS 59.34%

CVSS v3.1 10

Mentions 5

CNA Information

CNA Assigner

Fortra

CNA Title

Deserialization Vulnerability in GoAnywhere MFT's License Servlet

Analyst Note

CVE-2025-10035 meets all zero-day criteria: watchTowr Labs documented active exploitation as early as September 10, 2025, a full week BEFORE public disclosure on September 17, 2025. Multiple sources confirm exploitation in the wild by Storm-1175 ransomware operators preceding patch availability, with Fortra confirming active exploitation from at least September 11, 2025.