CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra urged GoAnywhere users to upgrade to version 7.8.4 or v7.6.3 (Sustain Release) to fix a deserialization vulnerability in the solution’s License Servlet, which “allows an actor with a validly forged license response signature to deserialize an … More →The post Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) appeared first on Help Net Security.