PT-2026-1522 · Progress · Moveit Transfer

Published

2026-01-06

Updated

2026-02-03

CVE-2025-11235

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Progress MOVEit Transfer versions 2022.0.0 through 2022.0.10 Progress MOVEit Transfer versions 2022.1.0 through 2022.1.11 Progress MOVEit Transfer versions 2023.0.0 through 2023.0.8 Progress MOVEit Transfer versions 2023.1.0 through 2023.1.3

Description An unverified password change issue exists in the REST API modules of Progress MOVEit Transfer on Windows. The issue allows for potential unauthorized password modifications.

Recommendations Update Progress MOVEit Transfer versions prior to 2022.1.11. Update Progress MOVEit Transfer versions prior to 2023.0.8. Update Progress MOVEit Transfer versions prior to 2023.1.3.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-620

Related Identifiers

CVE-2025-11235

Affected Products

Moveit Transfer

PT-2026-1522 · Progress · Moveit Transfer

CVE-2025-11235

Weakness Enumeration

Related Identifiers

Affected Products

References · 5