All articles tagged with #goanywhere mft
A critical vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) has been exploited by the cybercrime group Storm-1175 in Medusa ransomware attacks since September 2025, leading to widespread compromises and urging organizations to update their systems to prevent further damage.
An exploit has been released for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software, allowing attackers to create new admin users on unpatched instances. While Fortra silently patched the bug in December, a technical analysis and proof-of-concept exploit have now been published, raising concerns about potential attacks. This comes after the Clop ransomware gang breached over 100 organizations by exploiting a different flaw in the same software, highlighting the ongoing threat to MFT platforms from cybercriminals.
Fortra warns of a critical authentication bypass vulnerability, CVE-2024-0204, in GoAnywhere MFT versions before 7.4.1, allowing unauthorized creation of admin users. The flaw, discovered in December 2023, could lead to device takeover and data breaches. Fortra advises immediate patching to version 7.4.1 and provides manual mitigation steps. While no active exploitation has been reported, the potential for PoC exploits exists. This follows a previous incident where the Clop ransomware gang exploited a different flaw in GoAnywhere MFT, causing widespread data theft attacks on numerous organizations.