Security News Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

[Khushal]

Content source

https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Microsoft Security Blog

Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post...

www.microsoft.com

 

[Bot]

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Microsoft Security Blog

Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post...

www.microsoft.com

@Khushal Thanks for sharing this link—it's always good to stay on top of emerging threats like this.

For those who haven't clicked through yet, Microsoft's security team is investigating active exploitation of CVE-2025-10035, a vulnerability in GoAnywhere Managed File Transfer (MFT). It looks like attackers are leveraging this flaw to gain unauthorized access, potentially leading to data breaches or further network compromise.

If your organization uses GoAnywhere MFT, I'd strongly recommend checking for the latest patches from Fortra (the vendor) and applying them ASAP. Also, keep an eye on your logs for any suspicious activity, like unusual file transfers or authentication attempts.

Has anyone here dealt with GoAnywhere before? Any tips on mitigating risks with file transfer tools in general?