Share
## https://sploitus.com/exploit?id=A9B1A8A4-3AB2-5EDC-8CC6-AEA3A282A6F2
# CVE-2025-10035
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
# Statement
- This is an educational project only.
- This code is only used to scan for affected versions of the vulnerability and is not exploitable to prevent malicious code from being executed.
# Target search channels
```bash
app="GoAnywhere MFT"
```
- in https://shodan.io/
```bash
product.name="GoAnywhere MFT"
```
- in https://hunter.how/

# Warning
- Misuse resulting in damage to the target is punishable by law in your country.
- This project is for educational purposes.