What is the CVSS score of CVE-2025-11235?

CVE-2025-11235 has a CVSS 3.1 base score of 3.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-11235?

CVE-2025-11235 is a low-severity vulnerability (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

How to fix or mitigate CVE-2025-11235?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Windows CVE-2025-11235

LOW

Unverified Password Change (CWE-620)

2026-01-07 security@progress.com

Windows

3.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 07, 2026 - 12:16 nvd

LOW 3.7

DescriptionNVD

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10.

AnalysisAI

Technical ContextAI

Affects Moveit Transfer. Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-11235 vulnerability details – vuln.today

Back

Windows CVE-2025-11235

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code