MEDIUM🇬🇧 English

CVE-2025-53900

CVSS 6.5v3.1pub. 2025-11-29upd. 2025-12-03

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Accellion Kiteworks Managed File Transfer

    APP
    Accellion
    < 9.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-53896HIGH7.1ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT ...

CVE-2025-53899HIGH7.2ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kitewor...

CVE-2025-53897MEDIUM6.8ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability coul...

CVE-2021-27101CRITICAL9.8⚠ KEVten sam vendor

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to docu...

CVE-2021-27103CRITICAL9.8⚠ KEVten sam vendor

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The ...

CVE-2025-53900 — MEDIUM 6.5 | CVEbaza.pl