PT-2025-48358 · Kiteworks · Kiteworks MFT
Published: 2025-11-29 · Updated: 2025-12-03 · CVE-2025-53897
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Kiteworks MFT versions prior to 9.1.0
Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Versions of the software prior to 9.1.0 contain a flaw that could allow an external attacker to access log information from the system. This is achieved by deceiving an administrator into viewing a specially designed, fraudulent page within Kiteworks MFT. The issue was addressed with the release of version 9.1.0.
Recommendations
Upgrade to Kiteworks MFT version 9.1.0 or later.
Exploit
Fix
CSRF
Affected Products
Kiteworks MFT