deserialization
- Critical CVSS-10 Flaw in Fortra GoAnywhere MFT Prompts Urgent Patch and Contingency Measures
A CVSS-10 vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) threatens enterprise data transfers. The deserialization flaw in the License Servlet could enable remote code execution if exploited. Patches are available, and experts warn that thousands of internet-facing deployments may be at immediate risk unless mitigations are applied.
- Fortra patches critical GoAnywhere MFT flaw; admins urged to restrict internet exposure of Admin Console
Fortra has issued patches for a critical GoAnywhere MFT vulnerability (CVE-2025-10035) that could enable remote command injection via deserialization. The company urges administrators to secure Admin Console access and apply the latest updates, as Shadowserver tracks hundreds of GoAnywhere instances and exposure continues to be a concern.
- CISA Adds Two N-able N-central Vulnerabilities to KEV; MSP Patch Push Underway
U.S. authorities added two vulnerabilities in N-able N-central to the Known Exploited Vulnerabilities catalog, while noting no public exploitation has been reported. The flaws—CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection)—require authentication and have been patched in N-central versions 2025.3.1 and 2024.6 HF2, with upgrades urged for on-premises deployments.