⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2023-03-03.

CVE-2023-0669 — GoAnywhere: Deserialization of Untrusted Data in GoAnywhere MFT

CWE-502 — Deserialization of Untrusted Data CWE-197 — Numeric Truncation Error42 documents18 sources

Severity

7.2HIGHNVD

VulnCheck9.8

EPSS

94.4%

top 0.03%

CISA KEV

KEVRansomware

Added 2023-02-10

Due 2023-03-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Fortra Goanywhere Managed File Transfer Fortra Goanywhere MFT

Timeline

PublishedFeb 6

KEV addedFeb 10

KEV dueMar 3

Latest updateSep 19

CISA Required Action: Apply updates per vendor instructions.

Description

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortra/goanywhere_managed_file_transfer< 7.1.2

▶CVEListV5fortra/goanywhere_mft7.1.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework↗2023-02-06

▶

VulnCheck

Fortra GoAnywhere MFT Remote Code Execution Vulnerability↗2023

▶

VulnCheck

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability↗2022

▶

💥Exploits & PoCs

Exploit-DB

Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)↗2023-04-08

▶

Metasploit

Fortra GoAnywhere MFT Unsafe Deserialization RCE↗

▶

Nuclei

Fortra GoAnywhere MFT - Remote Code Execution

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1↗2023-02-07

▶

Suricata

ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3↗2023-02-07

▶

Suricata

ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2↗2023-02-07

▶

📋Vendor Advisories

CISA

Fortra GoAnywhere MFT Remote Code Execution Vulnerability↗2023-02-10

▶

🕵️Threat Intelligence

Bleepingcomputer

Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet↗2025-09-19

▶

Qualys

Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations↗2025-05-08

▶

Talos

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs↗2024-07-10

▶

Talos

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs↗2024-07-10

▶

Unit42

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis↗2024-02-05

▶