CVE-2025-53900 · HIGH 8.8 · EPSS p56.8%

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.96% probability of exploitation · percentile 56.8% · 2026-06-18T12:00:27Z
Published: 2025-11-29
Last modified: 2025-12-03

Underlying weaknesses · 1

CWE-267

References

  1. https://github.com/kiteworks/security-advisories/security/advisories/GHSA-gjq3-8v6p-2h6h

Type | Target | Confidence | Tier
Weakness | Privilege Defined With Unsafe Actions (cwe-267) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-53939
CVE: CVE-2025-53896
CVE: CVE-2026-28269
CVE: CVE-2025-2324
CVE: CVE-2026-24755
CVE: CVE-2026-3999
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.