CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

CVE-2019-18465

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...

CVE-2025-2324

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer SFTP module allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2...

CVE-2025-2324

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer SFTP module allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2...

CVE-2025-2324

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer SFTP module allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2...

CVE-2025-2324 A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer SFTP module allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2...

CVE-2025-2324 A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer SFTP module allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2...

CVE-2025-2324

The CVE-2025-2324 entry concerns an Improper Privilege Management issue in MOVEit Transfer (SFTP module) where users configured as Shared Accounts can gain elevated permissions. Affected versions are MOVEit Transfer: 2023.1.0–2023.1.11, 2024.0.0–2024.0.7, and 2024.1.0–2024.1.1. Remediations are t...

Progress MOVEit Transfer 安全漏洞

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from improper privilege management for users of shared accounts, which could result in elevated privileges...

PT-2025-11688 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions 2023.1.0 through 2023.1.11 MOVEit Transfer versions 2024.0.0 through 2024.0.7 MOVEit Transfer versions 2024.1.0 through 2024.1.1 Description: The issue is related to Improper Privilege Management for users configured ...

CVE-2024-5806

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2...

CVE-2024-5805

Improper Authentication vulnerability in Progress MOVEit Gateway SFTP modules allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0...

CVE-2024-6576

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...

CVE-2024-0396

In Progress MOVEit Transfer versions released before 2022.0.10 14.0.10, 2022.1.11 14.1.11, 2023.0.8 15.0.8, 2023.1.3 15.1.3, an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational...

American National Insurance Company (ANICO) Data Leaked in MOVEit Breach

Cybersecurity researchers discovered 270,000+ lines of American National Insurance customer data leaked online, potentially linked to the 2023…...

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending to compare the scale, just over 40,000 were added to NVD in 2024. All trending vulnerabilities are found in Western commercial products and...

Data Vigilante Leaks 772K Employee Records from Top Firms and 12.3M-Row Database

A massive data leak linked to the MOVEit vulnerability has exposed millions of employee records from major companies. Learn about the impact of this leak, the role of the "data vigilante" Nam3L3ss...

Data Vigilante Leaks 8 Million Employee Records from Amazon, HP and Others

Aftermath of MOVEit vulnerability: Data vigilante 'Nam3L3ss' leaks nearly 8 million employee records from industry giants like Amazon,…...

Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh/transport/session' require 'net/sftp' require 'openssl' class MetasploitModule 'Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read',...