Close Menu
TechurzTechurz
    What's Hot

    Station F ramps up as a launchpad for Europe’s hottest AI startups

    July 6, 2026

    Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent

    July 6, 2026

    Uber’s European expansion plans may have hit a speed bump

    July 5, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Station F ramps up as a launchpad for Europe’s hottest AI startups
    • Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent
    • Uber’s European expansion plans may have hit a speed bump
    • IQM, Europe’s first public quantum company, admits the future of the tech is uncertain
    • Indian tech tycoon bets $30M of his own money to build AI alternative to Microsoft Office
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
    Cyber Reality

    Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

    TechurzBy TechurzSeptember 26, 2025Updated:May 10, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Sep 26, 2025Ravie LakshmananVulnerability / Threat Intelligence

    Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed.

    “This is not ‘just’ a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators – it is a vulnerability that has been actively exploited in the wild since at least September 10, 2025,” Benjamin Harris, CEO and Founder of watchTowr, told The Hacker News.

    The vulnerability in question is CVE-2025-10035, which has been described as a deserialization vulnerability in the License Servlet that could result in command injection without authentication. Fortra GoAnywhere version 7.8.4, or the Sustain Release 7.6.3, was released by Fortra last week to remediate the problem.

    According to an analysis released by watchTowr earlier this week, the vulnerability has to do with the fact that it’s possible to send a crafted HTTP GET request to the “/goanywhere/license/Unlicensed.xhtml/” endpoint to directly interact with the License Servlet (“com.linoma.ga.ui.admin.servlet.LicenseResponseServlet”) that’s exposed at “/goanywhere/lic/accept/” using the GUID embedded in the response to the earlier sent request.

    Armed with this authentication bypass, an attacker can take advantage of inadequate deserialization protections in the License Servlet to result in command injection. That said, exactly how this occurs is something of a mystery, researchers Sonny Macdonald and Piotr Bazydlo noted.

    Cybersecurity vendor Rapid7, which also released its findings into CVE-2025-10035, said it’s not a single deserialization vulnerability, but rather a chain of three separate issues –

    • An access control bypass that has been known since 2023
    • The unsafe deserialization vulnerability CVE-2025-10035, and
    • An as-yet unknown issue pertaining to how the attackers can know a specific private key

    In a subsequent report published Thursday, watchTowr said it received evidence of exploitation efforts, including a stack trace that enables the creation of a backdoor account. The sequence of the activity is as follows –

    • Triggering the pre-authentication vulnerability in Fortra GoAnywhere MFT to achieve remote code execution (RCE)
    • Using the RCE to create a GoAnywhere user named “admin-go”
    • Using the newly created account to create a web user
    • Leveraging the web user to interact with the solution and upload and execute additional payloads, including SimpleHelp and an unknown implant (“zato_be.exe”)

    The cybersecurity company also said the threat actor activity originated from the IP address 155.2.190[.]197, which, according to VirusTotal, has been flagged for conducting brute-force attacks targeting Fortinet FortiGate SSL VPN appliances.

    Given signs of in-the-wild exploitation, it’s imperative that users move quickly to apply the fixes, if not already. The Hacker News has reached out to Fortra for comment, and we will update the story if we hear back.

    0Day CVSS disclosure exploited flaw Fortra GoAnywhere Public Week
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleBest early Amazon Prime Day Samsung deals 2025: My 23 favorites sales ahead of October
    Next Article AI is more likely to transform your job than replace it, Indeed finds
    Techurz
    • Website

    Related Posts

    Opinion

    IQM, Europe’s first public quantum company, admits the future of the tech is uncertain

    July 2, 2026
    Opinion

    As AI companies race to go public, who else is along for the ride?

    June 14, 2026
    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    12 Father’s Day E-Card Sites That Are Actually Good

    June 4, 202523

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.