Kiteworks MFT has a Privilege Defined With Unsafe Actions

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

Basic Information

ID CVE-2025-53900

Source GitHub_M

Published Nov 29, 2025 at 02:25

Affected Product

Vendor kiteworks

Product security-advisories

Version < 9.1.0

Affected Versions kiteworks security-advisories < 9.1.0

CWE Classification

CWE-267

References

github.com /kiteworks/security-advisories/security/advisories/GHSA-gjq3-8v6p-2h6h

{
    "lastseen": "",
    "description": "Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.",
    "published": "2025-11-29T02:25:34.730Z",
    "modified": "2025-11-29T02:25:34.730Z",
    "type": "cve",
    "title": "Kiteworks MFT has a Privilege Defined With Unsafe Actions",
    "source": "GitHub_M",
    "references": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-gjq3-8v6p-2h6h",
    "id": "CVE-2025-53900",
    "bulletinFamily": "",
    "cwe": [
        "CWE-267"
    ],
    "cvelist": null,
    "sourceData": "kiteworks security-advisories < 9.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "security-advisories",
    "version": "< 9.1.0",
    "vendor": "kiteworks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kiteworks MFT has a Privilege Defined With Unsafe Actions_CVE-2025-53900