Fortra CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Fortra CVE published 2025-09-29

CVE-2025-10035

CVE-2025-10035 is a Fortra GoAnywhere MFT deserialization of untrusted data vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-09-29. The KEV entry also marks it as having known ransomware campaign use, which raises the operational urgency for defenders. CISA’s required action is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or disc [truncated]

Known exploited Fortra CVE published 2023-02-10

CVE-2023-0669

CVE-2023-0669 is a Fortra GoAnywhere MFT remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-02-10. CISA’s KEV entry also marks it as associated with known ransomware campaign use and sets a remediation due date of 2023-03-03. Based on the supplied official metadata, this is a high-priority issue for organizations running GoAnywhere MFT, and remediati [truncated]