HIGH🇵🇱 Wersja polska

CVE-2025-53899

CVSS 7.2v3.1pub. 2025-11-29upd. 2025-12-03

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Accellion Kiteworks Managed File Transfer

    APP
    Accellion
    < 9.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-53896HIGH7.1ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT ...

CVE-2025-53897MEDIUM6.8ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability coul...

CVE-2025-53900MEDIUM6.5ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definit...

CVE-2021-27101CRITICAL9.8⚠ KEVten sam vendor

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to docu...

CVE-2021-27103CRITICAL9.8⚠ KEVten sam vendor

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The ...