CVE-2025-53899 | THREATINT

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

PUBLISHED Reserved 2025-07-11 | Published 2025-11-29 | Updated 2025-11-29 | Assigner GitHub_M

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-941: Incorrectly Specified Destination in a Communication Channel

Product status

< 9.1.0

affected

References

github.com/...sories/security/advisories/GHSA-5gx5-vcpp-8cr5

cve.org (CVE-2025-53899)

nvd.nist.gov (CVE-2025-53899)

Download JSON