The vulnerability tracked as CVE-2025-10035 impacts Fortra GoAnywhere MFT. It lies in the License servlet module and allows an unauthenticated attacker to retrieve a valid token, which can be use to send an object that will be deserialized and executed by the server.
Stormhield Network Security (SNS) appliance protects you from that attack, thanks to a IPS signature.
To work efficiently the HTTPS trafic must be decrypted.
| ID | Name |
| http:mix.360 | Exploitation of an authentication bypass vulnerability in Fortra GoAnywhere MFT (CVE-2025-10035) |