CyberSecurityBoard
Sponsor Register Login

GoAnywhere MFT Platform Vulnerability: Critical Flaw Exposes Data to Attackers

A critical vulnerability has been discovered in the GoAnywhere Managed File Transfer (MFT) platform, widely used by enterprises for secure file transfers. This flaw allows attackers to potentially execute unauthorized commands and access sensitive data, posing a significant risk to organizations relying on this software. The vulnerability stems from improper input validation, which can be exploited remotely without authentication. Security researchers have urged users to apply patches immediately to mitigate the threat. The GoAnywhere MFT platform is integral to many businesses for automating and securing file transfers, making this vulnerability particularly concerning. Cybersecurity teams should prioritize updating their systems and monitoring for any suspicious activity related to this exploit. This incident highlights the ongoing challenges in securing file transfer solutions and the importance of timely patch management. Organizations are advised to review their security protocols and ensure comprehensive protection against similar threats in the future.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 19 Sep 2025 11:10:20 +0000


Cyber News related to GoAnywhere MFT Platform Vulnerability: Critical Flaw Exposes Data to Attackers

Exploit released for Fortra GoAnywhere MFT auth bypass bug - Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal. GoAnywhere MFT is a web-based ...
1 year ago Bleepingcomputer.com CVE-2024-0204
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
Fortra's GoAnywhere MFT Software Faces Exploitation, No Evidence of Active Exploitation Detected - Reports on the exploitation of Fortra's GoAnywhere MFT file transfer software raised concerns due to the potential development of exploit code from a publicly released Proof of Concept. As of Thursday afternoon, there was no evidence of active ...
1 year ago Cysecurity.news CVE-2024-0204 LockBit
Revealing a Way to Take Advantage of a Newly Discovered Security Flaw in GoAnywhere MFT - A security researcher has released proof-of-concept exploit code that can be used to perform unauthenticated remote code execution on vulnerable GoAnywhere MFT servers. GoAnywhere MFT is a web-based and managed file transfer tool designed to help ...
2 years ago Bleepingcomputer.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Maximum severity GoAnywhere MFT flaw exploited as zero-day - A critical zero-day vulnerability in the GoAnywhere Managed File Transfer (MFT) software is currently being exploited in the wild, posing a significant security risk to organizations using this platform. The flaw, rated with maximum severity, allows ...
1 week ago Bleepingcomputer.com CVE-2023-34362
Revealing a Vulnerability in GoAnywhere MFT that is Currently Being Abused - A security vulnerability in GoAnywhere MFT, a web-based and managed file transfer tool, has been actively exploited. The exploit code was released by Florian Hauser of Code White, which allows for unauthenticated remote code execution on vulnerable ...
2 years ago Bleepingcomputer.com
Fortra Releases Critical Patch for CVSS 10.0 Vulnerability in GoAnywhere MFT - Fortra has released a critical security patch addressing a CVSS 10.0 vulnerability in its GoAnywhere Managed File Transfer (MFT) software. This vulnerability poses a severe risk as it allows remote code execution, potentially enabling attackers to ...
2 weeks ago Thehackernews.com CVE-2025-12345
Emergency Fix Released for GoAnywhere MFT ZeroDay Vulnerability Being Exploited - Fortra has released an emergency patch to address a security flaw in its GoAnywhere MFT secure file transfer tool that is being actively exploited by attackers. The vulnerability allows them to gain remote code execution on vulnerable GoAnywhere MFT ...
2 years ago Bleepingcomputer.com
Microsoft warns of critical GoAnywhere bug exploited in ransomware attacks - Microsoft has issued a critical security warning regarding a vulnerability in the GoAnywhere managed file transfer (MFT) software, which is actively being exploited by ransomware attackers. The flaw, identified as CVE-2023-0669, allows threat actors ...
1 day ago Bleepingcomputer.com CVE-2023-0669
GoAnywhere MFT Platform Vulnerability: Critical Flaw Exposes Data to Attackers - A critical vulnerability has been discovered in the GoAnywhere Managed File Transfer (MFT) platform, widely used by enterprises for secure file transfers. This flaw allows attackers to potentially execute unauthorized commands and access sensitive ...
2 weeks ago Cybersecuritynews.com CVE-2023-3519
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
Fortra warns of max-severity flaw in GoAnywhere MFT's License Servlet - Fortra has issued a critical security warning regarding a maximum severity vulnerability found in the License Servlet component of its GoAnywhere Managed File Transfer (MFT) software. This flaw poses a significant risk as it could allow unauthorized ...
2 weeks ago Bleepingcomputer.com CVE-2024-28199
GoAnywhere 0-day RCE exploited by MedusaLocker ransomware gang - A critical zero-day remote code execution (RCE) vulnerability in the GoAnywhere Managed File Transfer (MFT) software has been actively exploited by the MedusaLocker ransomware group. This vulnerability allows attackers to execute arbitrary code on ...
1 day ago Cybersecuritynews.com CVE-2023-0669 MedusaLocker
A Fix Released to Stop the Unauthorized Use of GoAnywhere MFT Software - Recently, a zero-day vulnerability was discovered in the GoAnywhere managed file transfer software, and news of active exploitation has been reported. Fortra, formerly known as HelpSystems, released two security notifications with mitigations and ...
2 years ago Securityweek.com
Hackers Can Gain Access to Servers Through a GoAnywhere MFT Security Flaw - GoAnywhere MFT, a secure web file transfer solution, has warned customers of a zero-day remote code execution vulnerability on exposed administrator consoles. This exploit requires access to the administrative console, which should not normally be ...
2 years ago Bleepingcomputer.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
Fortra GoAnywhere 0-Day Vulnerability Exploited in the Wild - A critical zero-day vulnerability has been discovered in Fortra's GoAnywhere MFT (Managed File Transfer) software, actively exploited by threat actors. This flaw allows unauthenticated attackers to execute arbitrary code remotely, posing significant ...
1 week ago Cybersecuritynews.com CVE-2023-34362
Microsoft issues critical patch for GoAnywhere zero-day exploited in attacks - Microsoft has released a critical security update addressing a zero-day vulnerability in the GoAnywhere MFT (Managed File Transfer) software, which has been actively exploited by threat actors. The vulnerability allows attackers to execute arbitrary ...
1 day ago Infosecurity-magazine.com CVE-2023-34362
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2024-29849 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-4966 CVE-2023-40044 CVE-2023-38035 APT28
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2024-29849 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-4966 CVE-2023-40044 CVE-2023-38035 APT28
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com CVE-2023-49103 CVE-2023-49105 CVE-2023-49104
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)