CVE-2025-53900

MEDIUM
Published Nov 29, 2025 Modified Dec 3, 2025 CWE-267

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

CVSS v3.1 Score

6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weakness Type (CWE)

CWE-267 CWE-267

Affected Products

Vendor Product
accellion kiteworks_managed_file_transfer

References

Frequently Asked Questions

What is CVE-2025-53900? +
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0. It has a CVSS v3.1 base score of 6.5 (MEDIUM).
How severe is CVE-2025-53900? +
CVE-2025-53900 has a CVSS v3.1 score of 6.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2025-53900? +
CVE-2025-53900 affects products from accellion, specifically: kiteworks_managed_file_transfer. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-53900? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-2903

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login …
CVE-2026-29646 9.8

In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor …
CVE-2024-55968 8.8

An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the …
CVE-2025-26467 8.8

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges …
CVE-2024-39866 8.8

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users …
CVE-2025-23015 8.8

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-53900 — free, no signup required.

Start Free Scan