VYPR
Unrated severityNVD Advisory· Published Mar 19, 2025· Updated Mar 19, 2025

A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder

CVE-2025-2324

Description

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.