
Microsoft Attributes Critical Fortra GoAnywhere Exploitation to Storm-1175 for Medusa Ransomware Deployment

Microsoft has attributed the exploitation of a critical security vulnerability in Fortra GoAnywhere software to a threat actor tracked as Storm-1175. The vulnerability, identified as CVE-2025-10035 with a CVSS score of 10.0, is a deserialization bug that allows unauthenticated command injection. This flaw has been actively exploited to deploy Medusa ransomware, posing a significant threat to organizations using the affected software. Fortra has addressed the issue in version 7.8.4 or Sustain.

The exploitation of such a critical vulnerability underscores the importance of timely patching and robust vulnerability management practices. Organizations are advised to update their Fortra GoAnywhere installations immediately and implement additional security measures, such as network monitoring and incident response planning, to mitigate the risk of exploitation. This incident highlights the ongoing threat posed by ransomware groups and the critical need for proactive cybersecurity measures.