GoAnywhere MFT Zero‑Day Lets Attackers Slip Past Firewalls

In September 2025 a previously unknown flaw in the GoAnywhere Managed File Transfer (MFT) license‑servlet was weaponized. The vulnerability allowed an unauthenticated remote attacker to upload malicious payloads and achieve arbitrary code execution on the MFT server. Because the servlet is reachable through the standard HTTPS port, the exploit bypassed traditional perimeter firewalls that only filter by port and protocol, effectively giving the attacker a foothold inside the network without triggering typical firewall alerts.

The compromise of a file‑transfer appliance can expose sensitive data, enable lateral movement, and serve as a launch point for ransomware or credential theft. Defenders must treat GoAnywhere MFT as a high‑risk asset: apply the vendor’s emergency patch immediately, enforce strict network segmentation, limit access to the license‑servlet to trusted hosts, and enable deep packet inspection or a web‑application firewall to detect abnormal servlet calls. Continuous monitoring of MFT logs for unexpected license requests or code‑execution patterns is essential to spot any lingering attempts.

Categories: Vulnerabilities & Exploits

Source: Read original article