Full Report
The vulnerability carries a severity score of 10 out of 10 and has caused alarm among cybersecurity experts who have criticized Fortra for not saying whether it has seen the bug being exploited.
Analysis Summary
# Vulnerability: Critical Vulnerability in Fortra GoAnywhere MFT Allowing Third-Party Exposure
## CVE Details
- CVE ID: CVE-2025-10035
- CVSS Score: 10.0 (Critical)
- CWE: Not specified in context, but described as leading to unauthorized third-party exposure.
## Affected Systems
- Products: Fortra GoAnywhere MFT solution
- Versions: All versions containing the vulnerable component (implied, as patch was released shortly after discovery).
- Configurations: Primarily relevant to organizations with a GoAnywhere admin console exposed to the internet.
## Vulnerability Description
The vulnerability, discovered on September 11, 2025, could allow unauthorized third-party exposure if the affected customers have their GoAnywhere Admin Console accessible over the internet. While the technical specifics of the flaw were not detailed, initial research suggests it is a severe vulnerability that resembles CVE-2023-0669.
## Exploitation
- Status: Exploited in the wild (reported by security researchers; CISA placed it on the KEV list).
- Complexity: Implied Low/Medium, given the critical score and reports of active exploitation.
- Attack Vector: Network (due to requirement for an internet-facing Admin Console).
## Impact
- Confidentiality: High (Potential for unauthorized exposure/access).
- Integrity: High (Potential for system compromise).
- Availability: High (Potential for service disruption if exploited).
## Remediation
### Patches
- A patch has been developed and released by Fortra. (Specific version numbers are not given in the context).
### Workarounds
- Customers should immediately review configurations and **remove public access from the GoAnywhere Admin Console**.
## Detection
- **Indicators of Compromise (IOCs):** Not explicitly detailed in the summary, but monitoring for unauthorized access attempts or unexpected file activity related to the MFT service should be prioritized.
- **Detection Methods and Tools:** Based on CISA's action, checking the KEV catalog for updated guidance is critical. Organizations should review network perimeter logs for unusual ingress to the Admin Console/MFT service.
## References
- Fortra Security Advisory: hxxps://www.fortra.com/security/advisories/product-security/fi-2025-012
- CISA KEV Catalog: hxxps://www.cisa.gov/known-exploited-vulnerabilities-catalog
- WatchTowr Analysis: hxxps://labs.watchtowr.com/is-this-bad-this-feels-bad-goanywhere-cve-2025-10035