Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

PUBLISHED Reserved 2025-07-11 | Published 2025-11-29 | Updated 2025-11-29 | Assigner GitHub_M

MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-267: Privilege Defined With Unsafe Actions

Product status

< 9.1.0: affected

References

github.com/...sories/security/advisories/GHSA-gjq3-8v6p-2h6h

cve.org (CVE-2025-53900)

nvd.nist.gov (CVE-2025-53900)
