Hey folks,
There's a new critical bug in Fortra's GoAnywhere file transfer software that just came to light. It's a deserialization flaw in the License Servlet (CVE‑2025‑10035) that carries a perfect 10.0 severity rating. Attackers can exploit it to execute commands on vulnerable servers with no authentication. Fortra has already released patched versions (7.8.4 and 7.6.3) and is urging customers to upgrade immediately.
If your organization uses GoAnywhere, make sure your IT team knows about this. Have you ever had to scramble to patch a critical vulnerability like this? How do you stay on top of vendor security advisories?
There's a new critical bug in Fortra's GoAnywhere file transfer software that just came to light. It's a deserialization flaw in the License Servlet (CVE‑2025‑10035) that carries a perfect 10.0 severity rating. Attackers can exploit it to execute commands on vulnerable servers with no authentication. Fortra has already released patched versions (7.8.4 and 7.6.3) and is urging customers to upgrade immediately.
If your organization uses GoAnywhere, make sure your IT team knows about this. Have you ever had to scramble to patch a critical vulnerability like this? How do you stay on top of vendor security advisories?