Unrated severityNVD Advisory· Published Nov 29, 2025· Updated Dec 1, 2025
Kiteworks MFT has a Privilege Defined With Unsafe Actions
CVE-2025-53900
Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- kiteworks/security-advisoriesv5Range: < 9.1.0
Patches
Vulnerability mechanics
References
1- github.com/kiteworks/security-advisories/security/advisories/GHSA-gjq3-8v6p-2h6hmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.