GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
gbhackers
A critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware.
On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with the maximum CVSS score of 10.0.
Threat actors tracked as Storm-1175 have abused this issue to gain remote code execution (RCE) on exposed systems, leading to widespread compromise.
Vulnerability Analysis
CVE-2025-10035 resides in GoAnywhere MFT versions up to 7.8.3. The flaw allows an attacker to forge a license response signature and bypass signature verification.
By sending a crafted response, the attacker triggers deserialization of arbitrary, attacker-controlled objects. This in turn enables command injection and full RCE.
| CVE ID | Vulnerability Type | Affected Product & Versions | CVSS Score (3.1) |
|---|---|---|---|
| CVE-2025-10035 | Deserialization flaw | GoAnywhere MFT License Servlet Admin Console ≤ 7.8.3 | 10.0 |
Because the vulnerability can be exploited without authentication when valid responses are crafted ...
Copyright of this story solely belongs to gbhackers.