CVE-2025-53896 · HIGH 8.1 · EPSS p5.9%

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could, under certain circumstances, prevent a user's active session from properly timing out due to inactivity. This issue has been patched in version 9.1.0.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.16% probability of exploitation · percentile 5.9% · 2026-06-19T12:03:05Z
Published: 2025-11-29
Last modified: 2025-12-02

Underlying weaknesses · 1

CWE-613

References

  1. https://github.com/kiteworks/security-advisories/security/advisories/GHSA-23h2-3jj8-58hm

Type | Target | Confidence | Tier
Weakness | Insufficient Session Expiration (cwe-613) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-53900
CVE-2025-53939
CVE-2026-28269
CVE-2025-53826
CVE-2026-8670
CVE-2025-59786

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.