CyberSecurityBoard
Sponsor Register Login

Patch Fortra GoAnywhere Bug to Stop Command Injection Attacks

A critical vulnerability in Fortra's GoAnywhere managed file transfer software has been identified, allowing attackers to perform command injection attacks. This flaw, tracked as CVE-2023-3519, enables remote code execution, posing significant risks to organizations using the platform. Fortra has released an urgent patch to address this security gap, urging all users to update immediately to prevent exploitation. The vulnerability could be leveraged by threat actors to gain unauthorized access, execute arbitrary commands, and potentially compromise sensitive data. Cybersecurity experts emphasize the importance of timely patching and continuous monitoring to mitigate risks associated with such critical vulnerabilities. This incident highlights the ongoing challenges in securing file transfer solutions and the need for robust security practices in enterprise environments. Organizations are advised to review their security posture, apply the patch, and monitor for any suspicious activity related to this vulnerability. Staying informed about emerging threats and promptly addressing software flaws remain key strategies in defending against cyberattacks.

This Cyber News was published on www.darkreading.com. Publication date: Fri, 19 Sep 2025 20:45:06 +0000


Cyber News related to Patch Fortra GoAnywhere Bug to Stop Command Injection Attacks

Exploit released for Fortra GoAnywhere MFT auth bypass bug - Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal. GoAnywhere MFT is a web-based ...
1 year ago Bleepingcomputer.com CVE-2024-0204
Fortra's GoAnywhere MFT Software Faces Exploitation, No Evidence of Active Exploitation Detected - Reports on the exploitation of Fortra's GoAnywhere MFT file transfer software raised concerns due to the potential development of exploit code from a publicly released Proof of Concept. As of Thursday afternoon, there was no evidence of active ...
1 year ago Cysecurity.news CVE-2024-0204 LockBit
15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
9 months ago Cybersecuritynews.com
Alert for GoAnywhere MFT Users Potential ZeroDay Vulnerability Detected - Users of the GoAnywhere secure managed file transfer software have been warned about a potential security risk. This software, created by Fortra (formerly known as HelpSystems), is designed to help organizations securely exchange data with their ...
2 years ago Securityweek.com
Fortra Releases Critical Patch for CVSS 10.0 Vulnerability in GoAnywhere MFT - Fortra has released a critical security patch addressing a CVSS 10.0 vulnerability in its GoAnywhere Managed File Transfer (MFT) software. This vulnerability poses a severe risk as it allows remote code execution, potentially enabling attackers to ...
3 months ago Thehackernews.com CVE-2025-12345
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released - The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. FileCatalyst Workflow is a web-based file ...
1 year ago Bleepingcomputer.com CVE-2024-5276 CVE-2023-0669
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Fortra GoAnywhere 0-Day Vulnerability Exploited in the Wild - A critical zero-day vulnerability has been discovered in Fortra's GoAnywhere MFT (Managed File Transfer) software, actively exploited by threat actors. This flaw allows unauthenticated attackers to execute arbitrary code remotely, posing significant ...
2 months ago Cybersecuritynews.com CVE-2023-34362
Revealing a Way to Take Advantage of a Newly Discovered Security Flaw in GoAnywhere MFT - A security researcher has released proof-of-concept exploit code that can be used to perform unauthenticated remote code execution on vulnerable GoAnywhere MFT servers. GoAnywhere MFT is a web-based and managed file transfer tool designed to help ...
2 years ago Bleepingcomputer.com
PoC exploit for critical Fortra FileCatalyst MFT vulnerability released - Proof-of-concept exploit code for a critical RCE vulnerability in Fortra FileCatalyst MFT solution has been published. Fortra FileCatalyst is an enterprise managed file transfer software solution that includes several components: FileCatalyst Direct, ...
1 year ago Helpnetsecurity.com CVE-2024-25153
Patch Fortra GoAnywhere Bug to Stop Command Injection Attacks - A critical vulnerability in Fortra's GoAnywhere managed file transfer software has been identified, allowing attackers to perform command injection attacks. This flaw, tracked as CVE-2023-3519, enables remote code execution, posing significant risks ...
3 months ago Darkreading.com CVE-2023-3519
Revealing a Vulnerability in GoAnywhere MFT that is Currently Being Abused - A security vulnerability in GoAnywhere MFT, a web-based and managed file transfer tool, has been actively exploited. The exploit code was released by Florian Hauser of Code White, which allows for unauthenticated remote code execution on vulnerable ...
2 years ago Bleepingcomputer.com
Microsoft warns of critical GoAnywhere bug exploited in ransomware attacks - Microsoft has issued a critical security warning regarding a vulnerability in the GoAnywhere managed file transfer (MFT) software, which is actively being exploited by ransomware attackers. The flaw, identified as CVE-2023-0669, allows threat actors ...
2 months ago Bleepingcomputer.com CVE-2023-0669
Emergency Fix Released for GoAnywhere MFT ZeroDay Vulnerability Being Exploited - Fortra has released an emergency patch to address a security flaw in its GoAnywhere MFT secure file transfer tool that is being actively exploited by attackers. The vulnerability allows them to gain remote code execution on vulnerable GoAnywhere MFT ...
2 years ago Bleepingcomputer.com
Malicious use of Cobalt Strike down 80% after crackdown, Fortra says | The Record from Recorded Future News - Microsoft, the Health Information Sharing and Analysis Center (Health-ISAC) and Fortra, which bought Cobalt Strike in 2020, have worked since 2023 to address the longstanding issue of pirated and unlicensed versions of the software being downloaded ...
9 months ago Therecord.media
Medusa ransomware exploit targets Fortra GoAnywhere flaw - A new ransomware strain named Medusa is actively exploiting a critical vulnerability in Fortra's GoAnywhere managed file transfer software. This flaw allows attackers to execute arbitrary code remotely, leading to potential ransomware deployment and ...
2 months ago Darkreading.com CVE-2023-0669
Hackers Can Gain Access to Servers Through a GoAnywhere MFT Security Flaw - GoAnywhere MFT, a secure web file transfer solution, has warned customers of a zero-day remote code execution vulnerability on exposed administrator consoles. This exploit requires access to the administrative console, which should not normally be ...
2 years ago Bleepingcomputer.com
Fortra warns of max-severity flaw in GoAnywhere MFT's License Servlet - Fortra has issued a critical security warning regarding a maximum severity vulnerability found in the License Servlet component of its GoAnywhere Managed File Transfer (MFT) software. This flaw poses a significant risk as it could allow unauthorized ...
3 months ago Bleepingcomputer.com CVE-2024-28199
A Fix Released to Stop the Unauthorized Use of GoAnywhere MFT Software - Recently, a zero-day vulnerability was discovered in the GoAnywhere managed file transfer software, and news of active exploitation has been reported. Fortra, formerly known as HelpSystems, released two security notifications with mitigations and ...
2 years ago Securityweek.com
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
1 year ago Heimdalsecurity.com
CISA orders federal gov to patch Fortra bug exploited by China-linked hackers - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring all federal agencies to patch a critical vulnerability in Fortra's GoAnywhere MFT software. This vulnerability, tracked as CVE-2023-0669, allows ...
2 months ago Therecord.media CVE-2023-0669 APT41
Beware Cybercriminals Taking Advantage of Unpatched Vulnerability in Fortras GoAnywhere MFT - A recently discovered security flaw in Fortras GoAnywhere MFT managed file transfer application is being actively exploited in the wild. The vulnerability was first reported by security reporter Brian Krebs on Mastodon. It is a type of remote code ...
2 years ago Thehackernews.com
Fortra GoAnywhere CVSS 10.0 Flaw Puts Enterprises at Risk of Critical RCE Attacks - A critical vulnerability with a CVSS score of 10.0 has been discovered in Fortra's GoAnywhere MFT software, widely used by enterprises for managed file transfer. This flaw allows unauthenticated remote code execution (RCE), posing a severe risk to ...
2 months ago Thehackernews.com CVE-2025-12345
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)