security: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Microsoft Security Blog
2025-10-06
Microsoft observed Storm-1175 actively exploiting a deserialization vulnerability (CVE-2025-10035) in the License Servlet of GoAnywhere Managed File Transfer, linked to Medusa ransomware deployment, and published a blog to raise awareness and describe Microsoft Defender protection coverage.