
What Simple Steps Can I Take to Secure GoAnywhere MFT Server?

Is Your Company’s Data at Risk From the New Fortra GoAnywhere Flaw CVE-2025-10035?

A critical security flaw has been found in Fortra’s GoAnywhere MFT software, and you must take immediate action to protect your data. Following the steps outlined by the manufacturer is essential to secure your file transfer systems from potential attacks.

GoAnywhere Managed File Transfer (MFT) is a tool that many companies rely on to move files securely. It helps connect internal systems with cloud services and other web applications, promising to keep company data safe during transit. However, on September 11, 2025, a serious vulnerability was identified that breaks this promise of security. This flaw, tracked as CVE-2025-10035, affects a core part of the software and puts sensitive information at high risk.

Understanding the Vulnerability

The security problem exists in the part of the software that handles licensing. Think of a software license as an ID card that proves you have permission to use the tool. The GoAnywhere software has a flaw in how it checks this ID card. Attackers discovered a way to create a special, fake license file. When the software reads this malicious file, it can be tricked into running secret commands provided by the attacker.

This is not a minor issue. It allows for what experts call “command injection,” which means an unauthorized person could take full control of the server running the GoAnywhere software. Once in control, an attacker could potentially steal, modify, or delete any files that pass through the system. They could also use your server to launch further attacks against other systems inside your network. Because the software is designed to handle sensitive files, the impact of a successful attack could be significant for any organization.

The severity of this flaw is rated 10.0 out of 10.0 on the Common Vulnerability Scoring System (CVSS). A score of 10.0 is the highest possible rating and is reserved for vulnerabilities that are easy to exploit remotely and can lead to a complete system compromise.

Immediate Actions You Must Take

The manufacturer, Fortra, has released a security update to fix this problem. However, there are two critical steps you must take right away to protect your organization. One is an immediate containment measure, and the other is the permanent solution.

Isolate the Admin Console

The most urgent step is to ensure that your GoAnywhere MFT administrative console is not accessible from the public internet. This console is the control panel for the software. Attackers are actively scanning the internet for systems where this console is left open. If the console is not exposed to the internet, it is much harder for an attacker to exploit this vulnerability. You should contact your IT or network security team to verify your firewall settings and confirm that access to the admin console is restricted to your internal network only.

Apply the Security Update

The permanent fix is to update your software to a patched version. Fortra has made fixes available in two separate releases. You need to upgrade to either version 7.8.4 or, if you are on the Sustain Release track, version 7.6.3. Applying this update patches the underlying flaw, so even if an attacker attempts to use a fake license file, the software will not be tricked into running their commands. Updating is the only way to fully resolve the issue.
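The two steps above can be checked across an inventory in one pass. The following is an added example, not code from Fortra or from this article. The host names, firewall source ranges, and the `triage` action labels are constructed. It assumes plain dotted numeric version strings, that 7.6.x is the Sustain Release branch, and that "internal network" means RFC 1918, loopback, and IPv6 ULA ranges.

```python
import ipaddress

# Fixed releases named in the article: 7.8.4, or 7.6.3 on the Sustain Release track.
FIXED_MAIN = (7, 8, 4)
FIXED_SUSTAIN = (7, 6, 3)
# Assumption: "internal network" means RFC 1918, loopback and IPv6 ULA ranges.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]

def parse_version(text):
    """Turn '7.6.2' into (7, 6, 2); missing parts count as 0."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(version_text):
    """Assumption: 7.6.x is the Sustain Release branch; any other
    branch counts as patched only from 7.8.4 upward."""
    v = parse_version(version_text)
    if v[:2] == FIXED_SUSTAIN[:2]:
        return v >= FIXED_SUSTAIN
    return v >= FIXED_MAIN

def admin_console_exposed(allowed_sources):
    """True if any allowed source range is not wholly inside INTERNAL."""
    for cidr in allowed_sources:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            return True
    return False

def triage(host):
    """Map one inventory record to the action the article prescribes."""
    patched = is_patched(host["version"])
    exposed = admin_console_exposed(host["admin_sources"])
    if not patched:
        return "isolate-and-upgrade" if exposed else "upgrade"
    return "restrict-admin-console" if exposed else "ok"

# Constructed inventory (hypothetical hosts and firewall source ranges).
INVENTORY = [
    {"name": "mft-a", "version": "7.8.3", "admin_sources": ["0.0.0.0/0"]},
    {"name": "mft-b", "version": "7.6.2", "admin_sources": ["10.20.0.0/16"]},
    {"name": "mft-c", "version": "7.8.4", "admin_sources": ["198.51.100.0/24"]},
    {"name": "mft-d", "version": "7.6.3", "admin_sources": ["192.168.5.0/24"]},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["name"], h["version"], triage(h))
```

A host on an intermediate branch such as 7.7.x is reported as unpatched here, because the article names only 7.8.4 and 7.6.3 as fixed releases.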

How to Stay Secure

This incident is a reminder of how important it is to follow security best practices. Beyond fixing this specific issue, you should regularly review your security posture.

  • Always keep your software updated to the latest versions.
  • Never expose management or administrative interfaces to the public internet unless absolutely necessary, and even then, only with extra security controls like multi-factor authentication.
  • Regularly audit your firewall rules to ensure they are correctly blocking unwanted traffic.
  • Monitor your system and network logs for any unusual activity that could indicate an attempted or successful breach.

Taking these steps will not only resolve the threat from CVE-2025-10035 but also strengthen your defenses against future attacks.