Fortra GoAnywhere Targeted In New Attacks: Researchers

Based on ‘credible evidence of in-the-wild exploitation’ of a maximum-severity vulnerability, the GoAnywhere file transfer platform has been seeing attacks as far back as Sept. 10, according to researchers at cybersecurity vendor watchTowr.

Fortra’s GoAnywhere file transfer platform has been exploited in a wave of attacks involving a maximum-severity vulnerability, according to researchers at cybersecurity vendor watchTowr.

The GoAnywhere vulnerability (tracked as CVE-2025-10035) — which has received a severity rating of 10.0 out of 10.0 — was disclosed by Fortra on Sept. 18, though without any mention of exploitation activity.

[Related: 10 Major Cyberattacks And Data Breaches In 2025 (So Far)]

In a post Thursday, watchTowr researchers wrote that they have received “credible evidence of in-the-wild exploitation” of the vulnerability, which can be exploited to enable remote injection of commands without a user needing to authenticate.

Notably, the evidence suggests that attacks exploiting the GoAnywhere flaw began as far back as Sept. 10, according to the watchTowr researchers.

“That is eight days before Fortra’s public advisory, published September 18,” the researchers wrote.

CRN has reached out to Fortra for comment.

In the Sept. 18 advisory, Fortra said that the vulnerability in the GoAnywhere managed file transfer platform “allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.”

Fortra said that the vulnerability was discovered Sept. 11. Fixes are available for the vulnerability in the updated version 7.8.4 (or the sustain release version 7.6.3).

The cybersecurity and business software vendor previously saw widespread attacks targeting GoAnywhere in early 2023, when a zero-day vulnerability was exploited to steal data from numerous large organizations.