CVE-2025-53897
BaseFortify
Publication date: 2025-11-29
Last updated on: 2025-12-03
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| accellion | kiteworks_managed_file_transfer | up to 9.1.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Kiteworks MFT prior to version 9.1.0 allows an external attacker to gain access to system log information by tricking an administrator into visiting a specially crafted fake page within the application. It exploits the administrator's interaction with this malicious page to expose sensitive log data.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive log information, which may contain critical system or operational details. This exposure could aid attackers in further compromising the system or understanding its internal workings, potentially leading to increased security risks.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade Kiteworks MFT to version 9.1.0 or later, where the issue has been patched.