Zero‑Day GoAnywhere MFT Bypasses Perimeter Firewalls, Highlights Need for Defense‑in‑Depth
The threat group Storm‑1175 weaponized CVE‑2025‑10035, a remote‑code‑execution flaw in the GoAnywhere Managed File Transfer (MFT) platform. By delivering the exploit over standard web traffic, the actors sidestepped the targeted organization’s external firewalls, which were configured to allow HTTP/HTTPS to the MFT service. Within minutes, the malicious payload executed with system privileges, giving the attackers full control of the file‑transfer server.
The compromise allowed unrestricted access to internal data stores, credential harvesting, and lateral movement to downstream systems, effectively nullifying the perimeter’s protective value. Defenders must treat firewalls as just one layer; without internal segmentation, endpoint detection and response, zero‑trust access controls, and rapid patching, a single high‑severity vulnerability can lead to a complete network breach. Implementing layered defenses and continuous monitoring is essential to detect and contain such zero‑day attacks before they achieve full system compromise.
Categories: Vulnerabilities & Exploits, Threat Intelligence