CVE-2025-53900

Medium CVSS: 6.5

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

Vendor

Accellion

Product

Kiteworks Managed File Transfer

CWE

CWE-267

Yayın Tarihi

2025-11-29 03:15:58

Güncelleme

2025-12-03 17:49:10

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-267 Kiteworks Managed File Transfer MEDIUM Accellion 2025

Referanslar

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-gjq3-8v6p-2h6h

Benzer Kayıtlar

Medium

CVE-2026-29092

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway…

Medium

CVE-2026-23635

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of…

Medium

CVE-2026-23636

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form…

High

CVE-2026-24750

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attac…

High

CVE-2026-23514

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerabili…

Medium

CVE-2026-28270

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows upl…