Security researchers have once again uncovered active exploitation of a critical vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere file transfer solution. According to recent findings, attackers have been using this flaw since early September — long before it was made public — to remotely execute commands on unpatched systems without any user authentication.
The vulnerability was rated 10.0 out of 10 on the CVSS scale, marking it as the highest level of severity. While Fortra has already released patches in versions 7.8.4 and 7.6.3 (sustained line), this incident highlights a deeper and ongoing concern: the exposure that comes from relying on third-party, external tools to secure IBM i environments.
A Reminder of the 2023 GoAnywhere Breach
This is not the first time GoAnywhere has made headlines. Back in 2023, a zero-day vulnerability in the same platform led to large-scale data breaches across numerous organizations worldwide. Those incidents underscored how even trusted enterprise solutions can become entry points for attackers — especially when security depends on components outside the IBM i ecosystem.
Native Security: A Smarter Approach to IBM i Protection
At Raz-Lee Security, we’ve spent over 35 years securing IBM i systems. One lesson has remained constant: the most reliable protection is native protection.
External antivirus or monitoring tools require data to leave the IBM i environment, creating latency, dependencies, and potential exposure. Native solutions, on the other hand, operate directly within the system — no bridges, no external connections, and no risk of cross-platform infection or compatibility gaps.
This is why iSecurity Antivirus was built to run entirely on IBM i.
Why Migrate to iSecurity Antivirus
If your organization currently relies on Fortra or other external security tools, now is the time to evaluate a safer, more integrated alternative. Migrating to iSecurity Antivirus provides immediate advantages:
Native IBM i Protection
Runs directly within the IBM i operating system, eliminating dependency on external components or Windows-based scanners.Real-Time Detection and Prevention
Continuously monitors and blocks malicious files — before they reach your data or execute commands.Full Integration with IBM i Security Policies
Works seamlessly with iSecurity Audit, Authority-on-Demand, and other Raz-Lee modules for unified monitoring and reporting.Certified by IBM and Fully Supported
Trusted worldwide by IBM i users who demand robust, proven protection.Efficient, Low Overhead Scanning
Optimized for performance, ensuring continuous protection without affecting system throughput.
Raz-Lee’s Commitment to Native Security
Our mission has always been simple: keep IBM i secure from the inside out. We believe that cybersecurity for IBM i should never depend on external systems or afterthought integrations. Every iSecurity product we develop — from Antivirus to Firewall, Audit, and MFA — is built natively, ensuring the highest possible performance, reliability, and visibility.
As threats evolve and hybrid infrastructures grow, one thing remains clear: IBM i requires specialized, dedicated protection that understands its architecture and language. Raz-Lee continues to lead that mission, helping organizations worldwide protect their most critical systems with confidence.
Final Thoughts
The latest Fortra GoAnywhere attacks are a wake-up call. Even trusted tools can become liabilities if they’re not fully aligned with the native security principles of IBM i.
Now is the time to patch, review, and strengthen — and to consider a strategic migration to solutions designed specifically for IBM i resilience.
Learn more about how iSecurity Antivirus delivers real-time, native protection for IBM i: https://razlee.com/isecurity-antivirus/
