WAF Release - 2025-09-24 - Emergency
This week's release highlights a critical vendor-specific vulnerability: a deserialization flaw in the License Servlet of Fortra’s GoAnywhere MFT. By forging a license response signature, an attacker can trigger deserialization of arbitrary objects, potentially leading to command injection.
Key Findings
- GoAnywhere MFT (CVE-2025-10035): Deserialization vulnerability in the License Servlet that allows attackers with a forged license response signature to deserialize arbitrary objects, potentially resulting in command injection.
Impact
- GoAnywhere MFT (CVE-2025-10035): Exploitation enables attackers to escalate privileges or achieve remote code execution via command injection.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | | 100787 | Fortra GoAnywhere - Auth Bypass - CVE:CVE-2025-10035 | N/A | Block | This is a New Detection |