vulnerability

Progress MOVEit Transfer: CVE-2025-2324: Improper Privilege Management for Shared Account users

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:H/Au:S/C:C/I:P/A:N)	Mar 19, 2025	Mar 21, 2025	Mar 24, 2025

Severity

CVSS

(AV:N/AC:H/Au:S/C:C/I:P/A:N)

Published

Mar 19, 2025

Added

Mar 21, 2025

Modified

Mar 24, 2025

Description

A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder. Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.

Solution

progress-moveit-transfer-cve-2025-2324-solution

References

CVE-2025-2324
https://attackerkb.com/topics/CVE-2025-2324
URL-https://community.progress.com/s/article/ka7Pb000000eF5BIAU

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today