Home

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.

PUBLISHED Reserved 2025-07-11 | Published 2025-11-29 | Updated 2025-12-01 | Assigner GitHub_M




MEDIUM: 6.8CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-352: Cross-Site Request Forgery (CSRF)

Product status

< 9.1.0
affected

References

github.com/...sories/security/advisories/GHSA-cxwc-7899-3h4m

cve.org (CVE-2025-53897)

nvd.nist.gov (CVE-2025-53897)

Download JSON