This week highlights a critical vendor-specific vulnerability: a deserialization flaw in the License Servlet of Fortra’s GoAnywhere MFT. By forging a license response signature, an attacker can trigger deserialization of arbitrary objects, potentially leading to command injection.
Key Findings
- GoAnywhere MFT (CVE-2025-10035): Deserialization vulnerability in the License Servlet that allows attackers with a forged license response signature to deserialize arbitrary objects, potentially resulting in command injection.
Impact
GoAnywhere MFT (CVE-2025-10035): Exploitation enables attackers to escalate privileges or achieve remote code execution via command injection.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 8fe242c7c0d64d689f4fc9a1e08b39f3 | 100787 | Fortra GoAnywhere – Auth Bypass – CVE:CVE-2025-10035 | N/A | Block | This is a New Detection |
Source: Cloudflare
Latest Posts
- Amazon Timestream for InfluxDB Now Supports Advanced Metrics
- Amazon CloudWatch Logs now supports data protection, OpenSearch PPL and OpenSearch SQL for the Infrequent Access ingestion class
- Amazon GameLift Servers expands instance support with next-generation EC2 instance families
- (Updated) Microsoft 365 Copilot: Customize how managers are identified in Workforce Insights agent and Copilot responses [MC1260710]
![Microsoft Fabric: Upcoming tenant settings for OneLake diagnostic logs [MC1158904]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-nextvoyage-3763903-96x96.webp "Microsoft Fabric: Upcoming tenant settings for OneLake diagnostic logs [MC1158904] 6")
![(Updated) Microsoft 365 Copilot: New Researcher agent output controls [MC1143277]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-mart-production-7890048-96x96.webp "(Updated) Microsoft 365 Copilot: New Researcher agent output controls [MC1143277] 7")