CVE-2025-2324

Summary

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.

Affected Software

VendorProductVersion RangeStatus
ProgressMOVEit Transfer2023.1.0 < 2023.1.12affected
ProgressMOVEit Transfer2024.0.0 < 2024.0.8affected
ProgressMOVEit Transfer2024.1.0 < 2024.1.2affected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References