THREATOPS
THREAT OPSCVEs › CVE-2025-10035

CVE-2025-10035 — Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability

CISA KEVExploited: confirmedFortra

Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Vulnerability details

Related reporting