CVE-2025-10035

⚠ KEV | EPSS 59.3%

Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability

Added to CISA KEV: 9/29/2025

Description

Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Affected packages (0)

No package mapping in OSV.