Warning: Critical deserialization vulnerability in Fortra GoAnywhere MFT can lead to remote code execution. Patch Immediately!

Published: 19/09/2025

* Last update: 19/09/2025
* Affected products:
  → Fortra GoAnywhere MFT
* Type: Remote code execution
* CVE/CVSS:
  • CVE-2025-10035: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

Fortra - https://www.fortra.com/security/advisories/product-security/fi-2025-012

Risks

On 18 September 2025, Fortra released an advisory concerning their product GoAnywhere MFT. The advisory warns of a critical vulnerability, CVE-2025-10035, which, if exploited, could lead to remote code execution.

Fortra GoAnywhere MFT was largely targeted by ransomware actors in 2023. The vulnerability exploited at that time is similar to CVE-2025-10035 in that both are deserialization vulnerabilities that can lead to command injection. It is therefore highly likely that threat actors will once again attempt to target GoAnywhere MFT instances.

There is at this time no report of active exploitation (cut-off date: 19 September 2025).
Exploitation of this vulnerability can have a high impact on confidentiality, integrity and availability.

Description

CVE-2025-10035 is a deserialization vulnerability affecting the License Servlet of Fortra's GoAnywhere MFT. Exploitation of this vulnerability could allow an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection and remote code execution.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Please note that Fortra recommends verifying that the GoAnywhere Admin Console is not open to the public. Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet.

Monitor/Detect 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

The Hacker News - https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html