Fortra warns of a maximum-severity vulnerability (CVE-2025-10035) in GoAnywhere MFT’s License Servlet, enabling remote command injection via deserialization attacks. With over 470 instances exposed online and parallels to the 2023 Clop ransomware campaign, administrators must urgently patch or isolate admin consoles from internet access.