CVE-2025-2324

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*

History

31 Jul 2025, 15:53

Type Values Removed Values Added
CPE cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
First Time Progress
Progress moveit Transfer
References () https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 - () https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 - Vendor Advisory
Summary
  • (es) La vulnerabilidad de administración incorrecta de privilegios para usuarios configurados como cuentas compartidas en progreso MOVEit Transfer (módulo SFTP) permite la escalada de privilegios. Este problema afecta a MOVEit Transfer: desde 2023.1.0 antes de 2023.1.12, desde 2024.0.0 antes de 2024.0.8, desde 2024.1.0 antes de 2024.1.2.

19 Mar 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-19 16:15

Updated : 2025-07-31 15:53


NVD link : CVE-2025-2324

Mitre link : CVE-2025-2324

CVE.ORG link : CVE-2025-2324


JSON object : View

Products Affected

progress

  • moveit_transfer
CWE
CWE-269

Improper Privilege Management