CVE-2025-53900
Kiteworks MFT has a Privilege Defined With Unsafe Actions
In short
Kiteworks MFT has a flaw in how it defines user roles and permissions for managing file transfer connections. Authorized users could gain more access rights than intended, leading to privilege escalation.
Technical detail
CWE-267 involves improper privilege definition in role-based access control. An authenticated attacker with standard user privileges could escalate permissions by exploiting misconfigured roles in the Connections management module, potentially gaining administrative-level access to file transfer workflows and sensitive operations.
Summary generated and translated by AI from the official description.
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
kiteworks · security-advisories