Watchtower Labs Warns: 20,000 GoAnywhere MFT Instances Exposed to Severe Vulnerability
Cybersecurity firm Watchtower Labs has discovered over 20,000 internet-facing instances of GoAnywhere MFT, including those belonging to Fortune 500 corporations. This revelation comes after a serious vulnerability in the software was exploited by hackers last month.
The vulnerability, identified as CVE-2025-10035, is a deserialization flaw in the License Servlet of Fortra's GoAnywhere MFT. This allows attackers to execute arbitrary commands on affected systems. The exploit was first observed on September 10, 2025, a week before Fortra publicly disclosed the issue on September 18.
Fortra has since released patched versions 7.8.4 and 7.6.3 to address the vulnerability. To mitigate the risk, Fortra recommends limiting public access to the GoAnywhere Admin Console.
With over 20,000 instances exposed online, including those at major companies, the potential impact of this vulnerability is significant. Companies are urged to apply the patches and follow Fortra's recommendations to secure their systems.
Read also:
- Unveiling the Less-Discussed Disadvantages of Buds - Revealing the Silent Story
- "In a daring decision, Battlefield 6 forgoes ray tracing - understanding the advantages this choice brings"
- Dubai's WETEX 2023: Global Showcase for Clean Energy & Sustainability
- Nissan Bolsters Supply Chain Compliance with New Manager and Digital Tools
