Fortra GoAnywhere MFT is exploited by Storm-1175 via CVE-2025-10035 (higher confidence per source, NVD entry confirmed) as part of the group’s file transfer platform targeting pattern against critical infrastructure. Organizations running GoAnywhere MFT should apply the Fortra patch per the Fortra advisory and immediately audit internet-facing instances for unauthorized access. GoAnywhere has been a persistent target across multiple threat actor campaigns and warrants priority attention in any managed file transfer inventory.