Unrated severityNVD Advisory· Published Nov 29, 2025· Updated Dec 1, 2025
Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability
CVE-2025-53897
Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.
Affected products
2- kiteworks/security-advisoriesv5Range: < 9.1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/kiteworks/security-advisories/security/advisories/GHSA-cxwc-7899-3h4mmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.