CVE-2025-53900
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-29

Last updated on: 2025-12-03

Assigner: GitHub, Inc.

Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-29
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-11-29
EPSS Evaluated
2026-06-14
NVD
CVE-2025-53900
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
accellion kiteworks_managed_file_transfer to 9.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-267 A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Kiteworks MFT prior to version 9.1.0 involves an unfavorable definition of roles and permissions when managing Connections, which could allow authorized users to escalate their privileges unexpectedly. This means users with certain permissions might gain higher access rights than intended.

Impact Analysis

The vulnerability can lead to unauthorized escalation of privileges by authorized users, potentially allowing them to perform actions or access data beyond their intended permissions. This could compromise the integrity of file transfer workflows and sensitive information managed by Kiteworks MFT.

Mitigation Strategies

Upgrade Kiteworks MFT to version 9.1.0 or later, as this version contains the patch that fixes the privilege escalation vulnerability related to roles and permissions in managing Connections.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53900. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart