CVE-2025-2324
Last modified
CVE-2025-2324 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Progress | Moveit Transfer | >= 2023.1.0, < 2023.1.12 |
| Progress | Moveit Transfer | >= 2024.0.0, < 2024.0.8 |
| Progress | Moveit Transfer | >= 2024.1.0, < 2024.1.2 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-2324?
How severe is CVE-2025-2324?
How do I fix CVE-2025-2324?
Are you affected by CVE-2025-2324?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST