Unrated severityNVD Advisory· Published Mar 19, 2025· Updated Mar 19, 2025
A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder
CVE-2025-2324
Description
Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.
Affected products
2- Range: >= 2023.1.0 < 2023.1.12 || >= 2024.0.0 < 2024.0.8 || >= 2024.1.0 < 2024.1.2
- Progress/MOVEit Transferv5Range: 2023.1.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.