Critical GoAnywhere Flaw Actively Exploited to Breach Microsoft Cloud Environments

By Medha Cloud Security Desk
A critical vulnerability in the GoAnywhere Managed File Transfer (MFT) platform is being actively exploited by ransomware groups, allowing attackers to infiltrate corporate networks and move laterally into Microsoft 365 and cloud infrastructure, according to Microsoft Threat Intelligence.
The flaw, tracked as CVE-2025-10035, involves a deserialization bug that enables unauthenticated remote code execution. Once exploited, attackers can execute arbitrary commands on the affected server, establish persistence, and deploy ransomware payloads or credential-stealing malware.
Security analysts have linked the attacks to a ransomware group known as Storm-1175, which has previously targeted U.S. healthcare and manufacturing firms. Researchers believe the actors are chaining the GoAnywhere exploit with misconfigured Defender or Azure service connectors to reach internal Microsoft 365 tenants.
According to TechRadar Pro, organizations that have not yet applied the vendor’s patch remain at significant risk. Fortra, the developer of GoAnywhere, released an update closing the flaw, but unpatched systems continue to be exploited in the wild.
Microsoft advises all customers using file-transfer software—especially those integrated with Azure Blob Storage, SharePoint, or OneDrive—to review system logs for signs of compromise and immediately update to the latest GoAnywhere build. Investigators have also observed threat actors exfiltrating sensitive configuration files, which could contain connection strings or tokens linking to cloud services.
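Since exfiltrated configuration files may carry connection strings or tokens, responders need a list of the cloud credentials a server's files exposed so those credentials can be rotated. The following is an added example, not code from Microsoft, Fortra or this article: a Python scanner that lists Azure Storage account keys and SAS URLs found in a file's text without returning the secret values. The sample content, the account name `exampleacct` and the function names are constructed for illustration, and the input is assumed to be plain text or XML.

```python
import html
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

CONN_RE = re.compile(r"DefaultEndpointsProtocol=[^\s\"'<>]+")
SAS_URL_RE = re.compile(r"https://[^\s\"'<>]+\?[^\s\"'<>]*sig=[^\s\"'<>]+")

def _is_live(expiry, now):
    """True unless the SAS 'se' (expiry) value parses and is already in the past."""
    try:
        when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return True  # missing or unparseable expiry: assume still usable
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)  # date-only values parse as naive
    return when > now

def find_cloud_secrets(text, source, now=None):
    """List Azure Storage credentials found in text; secret values are not returned."""
    now = now or datetime.now(timezone.utc)
    found = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = html.unescape(raw)  # XML files store '&' as '&amp;'
        for m in CONN_RE.finditer(line):
            fields = dict(p.split("=", 1) for p in m.group().split(";") if "=" in p)
            if "AccountKey" in fields:  # treated as live until the key is rotated
                found.append({"source": source, "line": lineno, "kind": "account_key",
                              "account": fields.get("AccountName"), "live": True})
        for m in SAS_URL_RE.finditer(line):
            url = urlsplit(m.group())
            query = parse_qs(url.query)
            expiry = query.get("se", [None])[0]
            found.append({"source": source, "line": lineno, "kind": "sas_url",
                          "account": (url.hostname or "").split(".")[0], "expires": expiry,
                          "permissions": query.get("sp", [None])[0], "live": _is_live(expiry, now)})
    return found

# Constructed sample, not taken from any real product or tenant.
SAMPLE = """<config>
  <entry key="archive">DefaultEndpointsProtocol=https;AccountName=exampleacct;AccountKey=CONSTRUCTED-PLACEHOLDER==;EndpointSuffix=core.windows.net</entry>
  <entry key="drop">https://exampleacct.blob.core.windows.net/drop?sv=2022-11-02&amp;sp=rwl&amp;se=2030-01-01T00:00:00Z&amp;sig=CONSTRUCTED</entry>
  <entry key="old">https://exampleacct.blob.core.windows.net/old?sp=r&amp;se=2024-01-01&amp;sig=CONSTRUCTED</entry>
</config>"""

if __name__ == "__main__":
    for finding in find_cloud_secrets(SAMPLE, "sample.xml"):
        print(finding)
```

Findings marked `live` are the ones to rotate or revoke first; an expired SAS URL still shows which storage account the server could reach.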
The campaign underscores a growing pattern: attackers increasingly exploit third-party components as pivot points into larger ecosystems like Microsoft 365. “The weakest link in cloud security is often the tool you didn’t build,” one Microsoft analyst noted.
As ransomware groups refine their methods, security experts urge businesses to isolate critical applications, enable zero-trust access policies, and monitor for lateral movement within hybrid environments.