PT-2025-48358 · Kiteworks · Kiteworks Mft

Published 2025-11-29 · Updated 2025-11-29 · CVE-2025-53897

CVSS v3.1: 6.8
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Kiteworks MFT versions prior to 9.1.0
Description: Kiteworks MFT orchestrates end-to-end file transfer workflows. Versions of the software prior to 9.1.0 contain a flaw that could allow an external attacker to access log information from the system. This is achieved by deceiving an administrator into viewing a specially designed, fraudulent page within Kiteworks MFT. The issue was addressed with the release of version 9.1.0.
Recommendations: Upgrade to Kiteworks MFT version 9.1.0 or later.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-53897

Affected Products: Kiteworks Mft