CVE-2025-13147 | THREATINT

Description

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4.

PUBLISHED Reserved 2025-11-13 | Published 2025-11-19 | Updated 2025-11-19 | Assigner ProgressSoftware

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status

unaffected

Any version before 2024.1.8

affected

2025.0.0 (semver) before 2025.0.4

affected

Credits

Early Warning Services finder

Michael McCambridge finder

Brian Tigges finder

Jason Scribner finder

Alex Achs finder

References

docs.progress.com/...2024/page/Fixed-Issues-in-2024.1.8.html

docs.progress.com/...2025/page/Fixed-Issues-in-2025.0.4.html

docs.progress.com/...2025_1/page/Fixed-Issues-in-2025.1.html

cve.org (CVE-2025-13147)

nvd.nist.gov (CVE-2025-13147)

Download JSON