CVE Vulnerabilities

CVE-2025-2324

Improper Privilege Management

Published: Mar 19, 2025 | Modified: Jul 31, 2025
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Moveit_transfer Progress 2023.1.0 (including) 2023.1.12 (excluding)
Moveit_transfer Progress 2024.0.0 (including) 2024.0.8 (excluding)
Moveit_transfer Progress 2024.1.0 (including) 2024.1.2 (excluding)

Potential Mitigations

References