Security Advisory

CVE-2025-10035

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-18 22:01:51

Last updated 2026-02-26 17:48:26

Assigner Fortra

State PUBLISHED

Description

A deserialization vulnerability in the License Servlet of Fortras GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

← Browse all CVEs View on cve.org ↗