MEDIUM🇵🇱 Wersja polska

CVE-2025-53900

CVSS 6.5v3.1pub. 2025-11-29upd. 2025-12-03

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Accellion Kiteworks Managed File Transfer

    APP
    Accellion
    < 9.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-53896HIGH7.1ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT ...

CVE-2025-53899HIGH7.2ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kitewor...

CVE-2025-53897MEDIUM6.8ten sam produkt

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability coul...

CVE-2021-27101CRITICAL9.8⚠ KEVten sam vendor

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to docu...

CVE-2021-27103CRITICAL9.8⚠ KEVten sam vendor

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The ...