Unrated severity · NVD Advisory · Published Nov 29, 2025 · Updated Dec 1, 2025
Kiteworks MFT has a Privilege Defined With Unsafe Actions
CVE-2025-53900
Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
Affected products
- kiteworks/security-advisories · v5 · Range: < 9.1.0
Patches
No patches discovered yet.
References
- github.com/kiteworks/security-advisories/security/advisories/GHSA-gjq3-8v6p-2h6h (mitre, x_refsource_CONFIRM)