CVE-2025-53939
Kiteworks Core is vulnerable to Improper Input Validation
In short
Kiteworks had a flaw in how it checked user input when managing folder sharing permissions. An attacker could exploit this to give another user higher access levels than intended on a shared folder.
Technical detail
CWE-20 improper input validation in the shared folder role management function allows an authenticated attacker to escalate another user's permissions beyond their intended level. The vulnerability requires access to folder sharing settings and was resolved by implementing stricter input validation in version 9.1.0.
Summary generated and translated by AI from the official description.
Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevating another user's permissions on the share. This issue has been patched in version 9.1.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
kiteworks · security-advisories