{"id":222193,"date":"2025-09-20T04:24:29","date_gmt":"2025-09-20T09:24:29","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/09\/fortra-releases-critical-patch-for-cvss-10-0-goanywhere-mft-vulnerability"},"modified":"2025-09-20T04:24:29","modified_gmt":"2025-09-20T09:24:29","slug":"fortra-releases-critical-patch-for-cvss-10-0-goanywhere-mft-vulnerability","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/09\/fortra-releases-critical-patch-for-cvss-10-0-goanywhere-mft-vulnerability","title":{"rendered":"Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/fortra-releases-critical-patch-for-cvss-10-0-goanywhere-mft-vulnerability.jpg\"><\/a><\/p>\n<p>\u201cA deserialization vulnerability in the License Servlet of Fortra\u2019s GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection,\u201d Fortra <a href=\"https:\/\/www.fortra.com\/security\/advisories\/product-security\/fi-2025-012\" rel=\"noopener\" target=\"_blank\">said<\/a> in an advisory released Thursday.<\/p>\n<p>The company also noted that successful exploitation of the vulnerability is dependent on the system being publicly accessible over the internet.<\/p>\n<p>Users are advised to update to the patched release \u2013 version 7.8.4, or the Sustain Release 7.6.3 \u2013 to safeguard against potential threats. If immediate patching is not possible, it\u2019s advisable to ensure that access to the GoAnywhere Admin Console is not open to the public.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cA deserialization vulnerability in the License Servlet of Fortra\u2019s GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection,\u201d Fortra said in an advisory released Thursday. The company also noted that successful exploitation of the vulnerability is dependent on the system being [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[418],"tags":[],"class_list":["post-222193","post","type-post","status-publish","format-standard","hentry","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/222193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=222193"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/222193\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=222193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=222193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=222193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}