Home
HIGH: 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
2025.0.0 (semver) before 2025.0.8
affected
2025.1.0 (semver) before 2025.1.4
affected
2026.0.0 (semver) before 2026.0.1
affected
Description
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.
Problem types
CWE-943 Improper Neutralization of Special Elements in Data Query Logic
Product status
2025.0.0 (semver) before 2025.0.8
2025.1.0 (semver) before 2025.1.4
2026.0.0 (semver) before 2026.0.1
Credits
Mateusz Mieczkowski
References
community.progress.com/...itical-Security-Bulletin-June-2026