Unrated severityNVD Advisory· Published Nov 29, 2025· Updated Dec 1, 2025
Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel
CVE-2025-53899
Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- kiteworks/security-advisoriesv5Range: < 9.1.0
Patches
Vulnerability mechanics
References
1- github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.