Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
hackread.comLatest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately.
A CVSS 10.0 deserialization vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution is now being actively exploited by the Medusa ransomware group, according to a latest update from Microsoft.
The flaw, reported on September 25 by Hackread.com, is a dangerous deserialization vulnerability residing in the MFT’s License Servlet. This allows an attacker to achieve unauthenticated Remote Code Execution (RCE) and full system takeover.
By forging a license response signature, an attacker can bypass security checks, forcing the software to execute malicious code. This high-risk RCE capability makes all internet-exposed GoAnywhere instances highly vulnerable.
The Exploitation Timeline and Independent Confirmation
Although Fortra published an alert and patch on September 18, 2025, security researchers from watchTowr Labs found exploitation activity dating back ...
Copyright of this story solely belongs to hackread.com . To see the full text click HERE