watchTowr Labs

A CVSS-10 vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) threatens enterprise data transfers. The deserialization flaw in the License Servlet could enable remote code execution if exploited. Patches are available, and experts warn that thousands of internet-facing deployments may be at immediate risk unless mitigations are applied.