Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet, caused by the deserialization of an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
https://www.darkreading.com/vulnerabilities-threats/medusa-ransomware-exploit-fortra-goanywhere-flaw
https://therecord.media/cisa-orders-federal-gov-patch-fortra-bug
https://www.theregister.com/2025/09/26/an_apts_playground_goanywhere_perfect10/
https://cyberscoop.com/goanywhere-vulnerability-active-exploitation-september-2025/
https://hackread.com/critical-cvss-10-flaw-goanywhere-file-transfer/
https://www.securityweek.com/fortra-patches-critical-goanywhere-mft-vulnerability/
https://www.helpnetsecurity.com/2025/09/22/fortra-goanywhere-vulnerability-cve-2025-10035/
https://www.theregister.com/2025/09/19/gortra_goanywhere_bug/
https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.html
https://cyberscoop.com/goanywhere-file-transfer-service-vulnerability-september-2025/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/
https://research.checkpoint.com/2024/sharp-dragon-expands-towards-africa-and-the-caribbean/
https://www.tenable.com/blog/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-vulnerability