Kiteworks Managed File Transfer
Approved changes feed: RSS · Atom
cpe:2.3:a:accellion:kiteworks_managed_file_transfer:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Accellion (430c74a2-9aef-5e49-8a90-6fd4ceee7fe4) |
|---|---|
| Product | Kiteworks Managed File Transfer (9ea260be-ea45-55b9-89ac-df8ca217ee09) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-53900 |
vulnerable | 2026-06-03 15:03:55.308735 |
Kiteworks MFT has a Privilege Defined With Unsafe Actions
MEDIUM (6.5)
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
Published: 2025-11-29T02:25:34.730Z
Updated: 2025-12-01T15:39:42.616Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53899 |
vulnerable | 2026-06-03 15:03:55.308496 |
Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel
HIGH (7.2)
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.
Published: 2025-11-29T02:25:23.493Z
Updated: 2025-12-01T15:41:27.509Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53897 |
vulnerable | 2026-06-03 15:03:55.308239 |
Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability
MEDIUM (6.8)
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.
Published: 2025-11-29T02:24:36.842Z
Updated: 2025-12-01T15:42:56.666Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53896 |
vulnerable | 2026-06-03 15:03:55.307891 |
Kiteworks MFT is vulnerable to Insufficient Session Expiration
HIGH (7.1)
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0.
Published: 2025-11-29T02:24:18.115Z
Updated: 2025-12-03T15:11:36.226Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.