MS-ISAC consultancy number:
2025-088
Published date (s):
09/19/2025
PREVIEW:
Vulnerability has been discovered in the transfer of files managed by GoanyWhere (MFT) which could allow order injection. The transfer of GoanyWhere Managed files (MFT) is a business level software solution to automate, manage and safely monitor all organizational file transfers, whether they are server-server or person-to-person. The successful exploitation of this vulnerability could allow an actor a signature of a valid license response to dearialize an object controlled by arbitrary actor, perhaps leading to the injection of command.
Threat intelligence:
There is currently no report of this vulnerability exploited in the wild.
Affected systems:
- GoAnywhere Managed File Transfer (MFT) versions prior to the latest release 7.8.4, or the Sustain Release 7.6.3
Large and medium government entities
Small government
Large and medium business entities
Small business entities