GoAnywhere MFT Zero‑Day Bypasses Firewalls, Lets Attackers Run Code

A critical zero‑day in GoAnywhere Managed File Transfer (MFT) was disclosed by VMware Security. The flaw allowed unauthenticated attackers to upload a malicious payload and achieve remote code execution on any server running an unpatched version of the product. Because the exploit works through the application’s web interface, it bypasses traditional perimeter firewalls that only filter traffic at the network edge, giving adversaries direct execution rights inside the trusted zone.

The vulnerability was quickly weaponized, leading to large‑scale data theft and ransomware deployment across multiple organizations. Defenders must treat application‑level flaws as a primary attack vector, not just network‑level gaps. Immediate actions include applying the vendor’s emergency patches, enforcing strict network segmentation for MFT servers, enabling multi‑factor authentication for administrative access, and deploying runtime monitoring to detect anomalous command execution. Continuous application‑specific threat hunting is now essential to prevent similar bypasses.

Categories: Vulnerabilities & Exploits, Threat Intelligence

Source: Read original article