CVE-2025-53900
BaseFortify
Publication date: 2025-11-29
Last updated on: 2025-12-03
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| accellion | kiteworks_managed_file_transfer | all versions before 9.1.0 (9.1.0 itself is not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Kiteworks MFT prior to version 9.1.0 defines the roles and permissions used for managing Connections in a way that does not match the intended privilege model (CWE-267: a legitimately assigned privilege can be used for unsafe actions). A user who already holds a Connections-management permission can use it to perform actions beyond what that role was meant to allow, escalating their privileges within the product. The issue requires an authenticated, authorized user; it is not an unauthenticated attack.
How can this vulnerability impact me?
An authorized user can escalate to privileges they were never granted, allowing them to perform actions or access data beyond their intended permissions. In a managed file transfer product this means the integrity of transfer workflows and the confidentiality of the files and credentials handled by Kiteworks MFT can be compromised by an insider or by an attacker who has obtained any account with Connections-management rights.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Kiteworks MFT to version 9.1.0 or later; that release contains the fix for the Connections role and permission definitions. Until the upgrade is applied, review which accounts hold permissions to manage Connections and restrict that permission to trusted administrators, since the escalation is only reachable by users who already hold it. After upgrading, confirm the running version on every instance rather than assuming a fleet-wide rollout succeeded.
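The remediation above is a version boundary, so the first practical check is to find every Kiteworks MFT instance still below 9.1.0. The script below is an added example, not code from BaseFortify, GitHub or Kiteworks. It applies the affected range from the table (everything before 9.1.0, with 9.1.0 excluded) to a list of host/version pairs. The hostnames and version strings in SAMPLE_INVENTORY are constructed, and the accepted version-string formats (an optional leading "v", up to three numeric components, trailing non-numeric suffixes ignored) are an assumption, since the page does not specify Kiteworks' version format.

```python
import re
from typing import List, Tuple

# Boundary taken from the affected-products table: every version below 9.1.0
# is affected; 9.1.0 itself is the fixed release (the "(exc)" in the table).
FIXED_VERSION = (9, 1, 0)

# Leading digits of a single version component, e.g. "7" from "7-hotfix2".
_COMPONENT = re.compile(r"^(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a version string such as '9.0.7', 'v9.1' or '9.0.7-hotfix2'
    into a (major, minor, patch) tuple.

    Missing components are treated as 0 and any non-numeric suffix on a
    component is ignored, so '9.1.0-rc1' compares equal to 9.1.0. Assumption:
    this matches how Kiteworks numbers releases; pre-release builds should be
    confirmed manually rather than trusted as fixed.
    """
    cleaned = text.strip().lstrip("vV")
    parts: List[int] = []
    for piece in cleaned.split(".")[:3]:
        m = _COMPONENT.match(piece)
        if m is None:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(m.group(1)))
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True when the given Kiteworks MFT version is below the 9.1.0 fix."""
    return parse_version(version) < FIXED_VERSION


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify (host, version) pairs as 'affected', 'fixed' or 'unknown'.

    'unknown' is returned for strings that cannot be parsed at all, so a
    malformed inventory entry is surfaced instead of silently passing.
    """
    results = []
    for host, version in inventory:
        try:
            status = "affected" if is_affected(version) else "fixed"
        except ValueError:
            status = "unknown"
        results.append((host, version, status))
    return results


# Constructed sample inventory: hypothetical hostnames and versions, not data
# from the advisory.
SAMPLE_INVENTORY = [
    ("mft-prod-01.example.internal", "9.0.7"),
    ("mft-prod-02.example.internal", "v9.1.0"),
    ("mft-dr-01.example.internal", "8.4.2"),
    ("mft-lab-01.example.internal", "9.2"),
    ("mft-old-01.example.internal", "unknown-build"),
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:32} {version:12} {status}")
```

Replace SAMPLE_INVENTORY with the versions reported by your own instances. Any host classified as "unknown" needs a manual look, and a host reporting a pre-release or custom build of 9.1.0 should be verified with the vendor before being treated as fixed, because the parser deliberately ignores suffixes.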