4 matches found
CVE-2025-53896
CVE-2025-53896 affects Kiteworks MFT prior to version 9.1.0. A bug could allow a user’s active session to fail to time out after inactivity under certain conditions. Red Hat and other sources confirm the issue and its patch in version 9.1.0. Impact details are limited to session expiration misbeh...
CVE-2025-53899
CVE-2025-53899 affects Kiteworks MFT prior to version 9.1.0. The back-end suffers from an incorrectly specified destination in a communication channel, which could allow an attacker with administrative privileges to intercept upstream communication and potentially escalate privileges. The issue i...
CVE-2025-53897
CVE-2025-53897 affects Kiteworks MFT prior to 9.1.0. A crafted fake page could trick an administrator into visiting it, allowing an external attacker to access log information from the system. The issue is resolved in version 9.1.0. Affected product/version details and remediation are supported b...
CVE-2025-53900
Kiteworks MFT is affected by CVE-2025-53900 due to an improper definition of roles and permissions when managing Connections. Prior to version 9.1.0, this could allow an authorized user to escalate privileges within end-to-end file transfer workflows. The issue has been fixed in version 9.1.0. Af...