CVE-2025-53896 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-53896
CWE	https://cwe.mitre.org/data/definitions/613.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-53896

CWE

https://cwe.mitre.org/data/definitions/613.html

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a users active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Potential Mitigations

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-23h2-3jj8-58hm