
Actively Exploited GoAnywhere MFT Zero-Day Vulnerability (CVE-2025-10035)

September 29, 2025


THE THREAT

On September 25th, 2025, watchTowr Labs revealed that a recently disclosed vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT), identified as CVE-2025-10035 (CVSS: 10), had been exploited in the wild prior to its official disclosure. Fortra initially disclosed CVE-2025-10035 on September 18th, 2025, and provided patches to mitigate the flaw. CVE-2025-10035 is a critical deserialization vulnerability in the License Servlet of GoAnywhere MFT. It allows an attacker to use a validly forged license response signature to deserialize an arbitrary, attacker-controlled object, potentially leading to command injection.

On September 24th, 2025, watchTowr Labs published detailed Proof-of-Concept (PoC) exploit code for CVE-2025-10035. The following day, the firm confirmed that active exploitation had occurred as early as September 10th, 2025, making it a zero-day vulnerability.

Fortra has noted that exploitation of CVE-2025-10035 depends on systems being exposed to the Internet. Given the confirmed exploitation, any Internet-facing, unpatched instances of GoAnywhere MFT are at high risk and remain vulnerable. Because the vulnerability enables an authentication bypass that leads to command injection, and ultimately to complete compromise of the affected system, organizations should apply the relevant security patches immediately.

What we're doing about it

What you should do about it

Additional information

Within their follow-up report on September 25th, 2025, watchTowr Labs noted that Fortra had indicated to CyberScoop that the vulnerability was initially discovered during a "security check" on September 11th, 2025, a statement that could be interpreted as the vulnerability having been discovered internally. However, watchTowr Labs states that they have received "credible evidence" that the vulnerability had been exploited in the wild as early as September 10th, eight days prior to Fortra's disclosure and patch release, making it a zero-day vulnerability. watchTowr Labs also highlights that, based on the observed exploitation, the "Am I Impacted?" section of Fortra's advisory was in effect sharing IoCs for impacted devices.

watchTowr Labs provides details on the reported attacks, which involved threat actors exploiting CVE-2025-10035 to achieve Remote Code Execution (RCE) to create a backdoor administrator account named 'admin-go'. This account was used to create a web user, providing legitimate access to the solution, and enabled the threat actor to upload and execute secondary payloads. No attribution to a specific threat actor, or any motivation behind the attacks, was provided. Along with watchTowr Labs publishing PoC exploit code for the vulnerability, Rapid7 also published a technical report of the vulnerability on September 24th.

Vulnerabilities impacting GoAnywhere MFT have a history of being targeted by threat actors, with an example being the zero-day vulnerability CVE-2023-0669. In February 2023, the Cl0p ransomware group targeted exposed GoAnywhere MFT Admin Consoles vulnerable to CVE-2023-0669, with the attacks resulting in the deployment of Cl0p ransomware and data extortion. Given that PoC exploit code for the vulnerability is publicly available, reports that the vulnerability was observed being exploited in the wild, and historic trends targeting GoAnywhere MFT vulnerabilities, eSentire's Threat Intelligence team assesses that widespread exploitation of the vulnerability will likely be observed in the near future. As such, organizations are urged to apply relevant security patches and mitigation steps as soon as possible.

Indicators of Compromise (IOCs)

Attacker IP address: 155.2.190[.]197
Malware executable (zato_be.exe), SHA-256: 68c4abcb024c65388db584122eff409fb8459e0ca930c717f2217b90e6f2f5bc
Malware executable (jwunst.exe), SHA-256: a72fa3b5bdd299579a03b94944e2b0b18f1bf564d4ff08a19305577a27575cc8

References:

[1] https://labs.watchtowr.com/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2/
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-10035
[3] https://www.fortra.com/security/advisories/product-security/fi-2025-012
[4] https://labs.watchtowr.com/is-this-bad-this-feels-bad-goanywhere-cve-2025-10035/
[5] https://www.goanywhere.com/blog/10-essential-tips-for-securing-ftp-and-sftp-servers
[6] https://cyberscoop.com/goanywhere-file-transfer-service-vulnerability-september-2025/
[7] https://attackerkb.com/topics/LbA9ANjcdz/cve-2025-10035/rapid7-analysis
[8] https://nvd.nist.gov/vuln/detail/cve-2023-0669
[9] https://hivepro.com/threat-advisory/clop-ransomware-group-claims-responsibility-for-goanywhere-mft-attacks/
