THREAT OPS › CVEs › CVE-2025-10035
CVE-2025-10035 — Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
Vulnerability details
- Affected productsGoAnywhere MFT
- KEV remediation due2025-10-20