CVE-2026-8487

Summary

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.

This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareMOVEit Automation0 < 2025.0.11affected
Progress SoftwareMOVEit Automation2025.1.0 < 2025.1.7affected

Weaknesses

  • CWE-276: CWE-276 Incorrect default permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References