Storm‑1175 weaponizes GoAnywhere MFT zero‑day to slip past perimeter defenses

In September 2025 the threat group Storm‑1175 weaponized a critical zero‑day in GoAnywhere Managed File Transfer (CVE‑2025‑10035). The vulnerability is a deserialization flaw that allows unauthenticated attackers to achieve remote code execution on the file‑transfer server. By crafting malicious payloads that pass through standard firewalls and web‑application firewalls, the group bypassed traditional perimeter controls and gained a foothold inside targeted networks.

The exploitation led to the theft of confidential data, including customer records and internal communications, and enabled further lateral movement to compromise additional systems. This incident highlights that relying solely on perimeter defenses is insufficient when vulnerable application services are exposed. Defenders must prioritize rapid patching of critical assets, enforce strict network segmentation around file‑transfer servers, and deploy runtime application self‑protection and behavior‑based monitoring to detect abuse of deserialization pathways.

Categories: Data Breaches, Vulnerabilities & Exploits
