Unrated severityNVD Advisory· Published Nov 29, 2025· Updated Dec 1, 2025

Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel

CVE-2025-53899

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

Affected products

Kiteworks/Kiteworksllm-fuzzy
Range: < 9.1.0
kiteworks/security-advisoriesv5
Range: < 9.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000