Improper Privilege Management in MOVEit Transfer by Progress Software
CVE-2025-2324

5.9 MEDIUM

Key Information:

Vendor: Progress

CVE Published: 19 March 2025

What is CVE-2025-2324?

An improper privilege management vulnerability in the SFTP module of MOVEit Transfer affects users configured as Shared Accounts. This issue can lead to privilege escalation, allowing users to gain unauthorized access and control over resources. Users should update their installations to the latest versions to mitigate this vulnerability and secure their systems.

Affected Version(s)

MOVEit Transfer 2023.1.0 < 2023.1.12

MOVEit Transfer 2024.0.0 < 2024.0.8

MOVEit Transfer 2024.1.0 < 2024.1.2

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
