Security News > 2023 > February > Actively exploited GoAnywhere MFT zero-day gets emergency patch

Fortra has released an emergency patch to address an actively exploited zero-day vulnerability in the GoAnywhere MFT secure file transfer tool.
"This patch was created as a result of the issue we disclosed in the Security Advisories published last week related to GoAnywhere MFTaaS. We urgently advise all GoAnywhere MFT customers to apply this patch," Fortra says.
"We urgently advise all GoAnywhere MFT customers to apply this patch. Once downloaded, we recommend working with your administrators to get the patch applied as soon as possible to ensure full remediation of the identified issue."
You can download the security patch from the "Product Downloads" tab at the top of the GoAnywhere account page after logging in.
On Monday, security researcher Florian Hauser of IT security consulting firm Code White also released a proof-of-concept exploit that could be used to achieve unauthenticated remote code execution on Internet-exposed and unpatched GoAnywhere MFT servers.
Exploit released for actively exploited GoAnywhere MFT zero-day.
News URL
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)