CVE-2026-8487
Received
Received - Intake
Incorrect Default Permissions in Progress MOVEit Automation Leads to Sensitive Data Exposure
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Progress Software Corporation
Description
Description
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| progress_software | moveit_automation | From 2025.1.0 (inc) to 2025.1.7 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an incorrect default permissions issue in Progress Software MOVEit Automation. It allows an attacker to retrieve embedded sensitive data due to improper permission settings.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive data embedded within MOVEit Automation. This could result in exposure of confidential information, potentially causing data breaches.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70