This week highlights a critical vendor-specific vulnerability: a deserialization flaw in the License Servlet of Fortra’s GoAnywhere MFT. By forging a license response signature, an attacker can trigger deserialization of arbitrary objects, potentially leading to command injection.
Key Findings
- GoAnywhere MFT (CVE-2025-10035): Deserialization vulnerability in the License Servlet that allows attackers with a forged license response signature to deserialize arbitrary objects, potentially resulting in command injection.
Impact
GoAnywhere MFT (CVE-2025-10035): Exploitation enables attackers to escalate privileges or achieve remote code execution via command injection.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 8fe242c7c0d64d689f4fc9a1e08b39f3 | 100787 | Fortra GoAnywhere – Auth Bypass – CVE:CVE-2025-10035 | N/A | Block | This is a New Detection |
Source: Cloudflare
![Microsoft Fabric: Upcoming tenant settings for OneLake diagnostic logs [MC1158904]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-nextvoyage-3763903-96x96.webp "Microsoft Fabric: Upcoming tenant settings for OneLake diagnostic logs [MC1158904] 6")
![(Updated) Microsoft 365 Copilot: New Researcher agent output controls [MC1143277]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-mart-production-7890048-96x96.webp "(Updated) Microsoft 365 Copilot: New Researcher agent output controls [MC1143277] 7")