PT-2025-48357 · Kiteworks · Kiteworks Mft
Published
2025-11-29
·
Updated
2025-12-22
·
CVE-2025-53896
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Kiteworks MFT versions prior to 9.1.0
Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. A flaw exists where a user’s active session may not properly time out due to inactivity under certain circumstances. This issue was addressed in version 9.1.0.
Recommendations
Upgrade to version 9.1.0 or later.
Exploit
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kiteworks Mft