Kiteworks Managed File Transfer
CVE-2025-53900
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
AnalysisAI
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-267. Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0. Affected products include: Accellion Kiteworks Managed File Transfer. Version information: version 9.1.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.2), this vulnerability is rem
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.1), this vulnerability is low
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.8), this vulnerability is r
Same weakness CWE-267 – Privilege Defined With Unsafe Actions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today