漏洞平台

POC详情： 624d48fe47fd9665fec808861b978d5579ae9fe4

来源

https://github.com/rxerium/CVE-2025-10035

关联漏洞

标题： Fortra GoAnywhere MFT 安全漏洞 (CVE-2025-10035)
描述：Fortra GoAnywhere MFT是美国Fortra公司的一款文件传输软件。 Fortra GoAnywhere MFT 存在安全漏洞，该漏洞源于License Servlet反序列化不当，可能导致命令注入攻击。

描述

Detection for CVE-2025-10035

介绍

# CVE-2025-10035

## How does this detection method work?

Detects vulnerable GoAnywhere MFT instances by extracting version numbers from the login page and matching against affected version ranges.

## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml` 

### Example Output

<img width="766" height="260" alt="Screenshot 2025-09-20 at 08 35 24" src="https://github.com/user-attachments/assets/e8088ee2-7510-4b78-81cd-421c1fe811bd" />


## References

- https://www.fortra.com/security/advisories/product-security/fi-2025-012
- https://www.rapid7.com/blog/post/etr-cve-2025-10035-critical-unauthenticated-rce-in-goanywhere-mft/


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

## Share This Project

<div align="center">
  <a href="https://twitter.com/intent/tweet?text=Check%20out%20this%20CVE%20detection%20template%20by%20@rxerium!&url=https://github.com/rxerium/poc-template" target="_blank">
    <img src="https://img.shields.io/badge/🐦%20Share%20on-Twitter-lightgrey?style=flat&logo=twitter&logoColor=1DA1F2" alt="Share on Twitter"/>
  </a>
  <a href="https://www.linkedin.com/sharing/share-offsite/?url=https://github.com/rxerium/poc-template" target="_blank">
    <img src="https://img.shields.io/badge/💼%20Share%20on-LinkedIn-lightgrey?style=flat&logo=linkedin&logoColor=0077B5" alt="Share on LinkedIn"/>
  </a>
  <a href="mailto:?subject=CVE%20Detection%20Template&body=Check%20out%20this%20interesting%20CVE%20detection%20template%20by%20rxerium:%20https://github.com/rxerium/poc-template" target="_blank">
    <img src="https://img.shields.io/badge/%20Share%20via-Email-lightgrey?style=flat&logo=gmail&logoColor=D14836" alt="Share via Email"/>
  </a>
</div>

---

## Contact

Feel free to reach out via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw) if you have any questions.

文件快照


 [4.0K]  /data/pocs/624d48fe47fd9665fec808861b978d5579ae9fe4
├── [ 922]  CVE-2025-10035.yaml
└── [2.1K]  README.md

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。