Matteo Ricordeau

**Name of the Vulnerable Software and Affected Versions** MOVEit Automation versions prior to 2025.0.11 MOVEit Automation versions 2025.1.0 through 2025.1.6 **Description** An uncontrolled memory allocation issue in Progress Software MOVEit Automation allows for excessive allocation. Uncontrolled memory allocation occurs when a program allocates more memory than is available or necessary, which can lead to system instability or crashes. **Recommendations** Update versions prior to 2025.0.11 to version 2025.0.11 or newer. Update versions 2025.1.0 through 2025.1.6 to version 2025.1.7 or newer.

**Name of the Vulnerable Software and Affected Versions** MOVEit Automation versions prior to 2025.0.11 MOVEit Automation versions 2025.1.0 through 2025.1.6 **Description** An issue exists where resources are allocated without limits or throttling, which allows for flooding. Flooding is a condition where a system is overwhelmed by a high volume of requests or data, potentially leading to a denial of service. **Recommendations** Update to version 2025.0.11 or newer. Update to version 2025.1.7 or newer.

**Name of the Vulnerable Software and Affected Versions** MOVEit Automation versions prior to 2025.0.11 MOVEit Automation versions 2025.1.0 through 2025.1.6 **Description** Incorrect default permissions in the software allow for the retrieval of embedded sensitive data. **Recommendations** Update to version 2025.0.11 or newer. Update to version 2025.1.7 or newer.

**Name of the Vulnerable Software and Affected Versions** MOVEit Automation versions prior to 2025.0.11 MOVEit Automation versions 2025.1.0 through 2025.1.6 **Description** An issue exists where resources are allocated without limits or throttling, which allows for excessive allocation. **Recommendations** Update to version 2025.0.11 or newer. Update to version 2025.1.7 or newer.

**Name of the Vulnerable Software and Affected Versions** MOVEit Automation versions prior to 2024.1.8 MOVEit Automation versions 2024.0.0 through 2024.1.7 MOVEit Automation versions 2025.0.0 through 2025.0.8 **Description** An improper authentication flaw allows attackers to bypass authentication entirely. This can lead to unauthorized administrative control, data exposure, privilege escalation, and lateral movement across enterprise networks. **Recommendations** Update versions prior to 2024.0.0 to version 2024.1.8 or later. Update versions 2024.0.0 through 2024.1.7 to version 2024.1.8 or later. Update versions 2025.0.0 through 2025.0.8 to version 2025.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** MOVEit Automation versions 2025.1.0 through 2025.1.4 MOVEit Automation versions 2025.0.0 through 2025.0.8 MOVEit Automation versions 2024.0.0 through 2024.1.7 MOVEit Automation versions prior to 2024.0.0 **Description** Improper input validation in Progress Software MOVEit Automation allows for privilege escalation. **Recommendations** Update versions 2025.1.0 through 2025.1.4 to 2025.1.5. Update versions 2025.0.0 through 2025.0.8 to 2025.0.9. Update versions 2024.0.0 through 2024.1.7 to 2024.1.8. Update versions prior to 2024.0.0 to 2024.0.0 or later.