CVE-2025-53939

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.1.0

Description Kiteworks is a private data network. Before version 9.1.0, insufficient input validation during the management of shared folder roles could result in unintended privilege escalation for other users on the share.

Recommendations Update to version 9.1.0 or later.

Exploit

Fix

LPE

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2025-53939

GHSA-HPF5-6376-2565

Affected Products

Kiteworks

CVE-2025-53939

Weakness Enumeration

Related Identifiers

Affected Products

References · 6