CVE-2025-53899

EPSS 0.05%
Veröffentlicht 29.11.2025 02:25:23
Zuletzt bearbeitet 03.12.2025 17:48:48
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Accellion ≫ Kiteworks Managed File Transfer Version < 9.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.145

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-941 Incorrectly Specified Destination in a Communication Channel

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-53899

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-53899

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-53899

EUVD