VYPR
Unrated severityNVD Advisory· Published Nov 29, 2025· Updated Dec 1, 2025

Kiteworks MFT has a Privilege Defined With Unsafe Actions

CVE-2025-53900

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.