CVE-2025-53899
Last modified
CVE-2025-53899 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Accellion | Kiteworks Managed File Transfer | < 9.1.0 |
References
- https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-53899?
How severe is CVE-2025-53899?
How do I fix CVE-2025-53899?
Are you affected by CVE-2025-53899?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST