Server-Side Request Forgery Vulnerability in Progress MOVEit Transfer
CVE-2025-13147
5.3MEDIUM
What is CVE-2025-13147?
A Server-Side Request Forgery (SSRF) vulnerability exists in Progress MOVEit Transfer, allowing attackers to send crafted requests that can expose sensitive internal services. This flaw primarily affects versions prior to 2024.1.8 and from 2025.0.0 up to 2025.0.4, potentially enabling unauthorized access to internal resources, which poses significant risks if exploited. Immediate patching and upgrading to secured versions are recommended to mitigate the associated risks.
Affected Version(s)
MOVEit Transfer 0 < 2024.1.8
MOVEit Transfer 2025.0.0 < 2025.0.4
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Early Warning Services
Michael McCambridge
Brian Tigges
Jason Scribner
Alex Achs