The Medusa ransomware group has been observed exploiting a critical vulnerability, CVE-2025-10035, in Fortra's GoAnywhere managed file transfer (MFT) software. GoAnywhere is widely used by enterprises to securely transfer sensitive data across networks. The vulnerability requires possession of a private key, which is typically used for encryption and authentication within the GoAnywhere environment. The exact method by which the Storm-1175 threat actors obtained this private key remains unknown, raising concerns about potential insider threats, key leakage, or prior compromise. Once exploited, attackers can manipulate file transfers, intercept or alter data, and potentially deploy ransomware payloads, severely impacting data confidentiality and integrity. The lack of known public exploits suggests this is a targeted attack rather than widespread exploitation. The critical nature of this flaw stems from the trust placed in GoAnywhere for secure communications and the potential for attackers to bypass security controls if they have the private key. Organizations relying on GoAnywhere for sensitive data exchanges face significant risk of data breaches and operational disruption if this vulnerability is exploited.

For European organizations, the exploitation of CVE-2025-10035 poses a severe risk to data confidentiality and integrity, particularly for industries handling sensitive or regulated data such as finance, healthcare, and government. Successful exploitation could lead to unauthorized access to sensitive files, data manipulation, and ransomware infections that disrupt business operations. The requirement of a private key for exploitation suggests that attackers may have already compromised internal systems or personnel, indicating a sophisticated threat actor with potential insider knowledge. This elevates the risk of targeted attacks against high-value organizations. The disruption of managed file transfer services can also impact supply chains and inter-organizational communications, amplifying the operational impact. European organizations with stringent data protection regulations (e.g., GDPR) may face legal and reputational consequences if breaches occur due to this vulnerability.

1. Immediately review and strengthen private key management practices, including key storage, access controls, and rotation policies to prevent unauthorized access. 2. Conduct thorough audits to detect any unauthorized access or leakage of private keys within the organization. 3. Implement network segmentation to isolate GoAnywhere servers and restrict access to only necessary systems and personnel. 4. Enhance monitoring and logging around GoAnywhere environments to detect anomalous activities, such as unusual file transfers or access patterns. 5. Apply any available patches or security updates from Fortra as soon as they are released. 6. Educate staff on the importance of safeguarding cryptographic keys and recognizing social engineering attempts that could lead to key compromise. 7. Develop and test incident response plans specifically addressing ransomware and data breach scenarios involving managed file transfer systems. 8. Consider deploying additional encryption layers or multi-factor authentication mechanisms to protect access to critical systems.