Plattform
moveit-transfer
Komponente
moveit-transfer
Behoben in
2023.1.12
2024.0.8
2024.1.2
CVE-2025-2324 identifies an Improper Privilege Management vulnerability within Progress MOVEit Transfer. This flaw allows users configured as Shared Accounts to escalate their privileges, potentially granting them unauthorized access to sensitive data and system resources. The vulnerability impacts MOVEit Transfer versions ranging from 2023.1.0 through 2024.1.2. A fix is available in version 2024.1.2.
An attacker exploiting this vulnerability could leverage Shared Account credentials to gain elevated privileges within the MOVEit Transfer environment. This could allow them to access data beyond their intended scope, modify configurations, or even execute arbitrary commands on the server, depending on the underlying system permissions. The potential impact includes data breaches, system compromise, and disruption of critical business processes. Given MOVEit Transfer's role in secure file transfer, a successful exploitation could have significant consequences for organizations handling sensitive information. The scope of the impact is directly tied to the privileges the Shared Account possesses and the broader system access it grants.
CVE-2025-2324 was publicly disclosed on March 19, 2025. Currently, there are no known public proof-of-concept exploits available. The vulnerability's impact is considered medium, and its exploitation probability is currently assessed as low, pending the emergence of public exploits. It is not listed on the CISA KEV catalog as of this date.
Organizations heavily reliant on MOVEit Transfer for secure file transfer, particularly those utilizing Shared Accounts for user authentication, are at heightened risk. Shared hosting environments where multiple users share the same MOVEit Transfer instance are also particularly vulnerable, as a compromise of one Shared Account could potentially impact other users.
• linux / server: Monitor MOVEit Transfer logs for unusual activity related to Shared Account logins and privilege changes. Use journalctl -u moveit-transfer to filter for authentication errors or privilege escalation attempts.
• generic web: Check MOVEit Transfer configuration files for improperly configured Shared Accounts with excessive permissions. Use curl -I <MOVEitTransferURL> to inspect response headers for any unusual behavior.
• database (mysql, postgresql): If MOVEit Transfer uses a database, query the user table for Shared Accounts with administrative privileges. Example (MySQL): SELECT User, Host FROM mysql.user WHERE User = 'shared_account' AND Host = '%';
disclosure
Exploit-Status
EPSS
0.06% (19% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-2324 is to upgrade MOVEit Transfer to version 2024.1.2 or later. If immediate upgrading is not feasible, consider restricting the privileges of Shared Accounts to the absolute minimum required for their intended function. Review and audit existing Shared Account configurations to identify and remediate any overly permissive settings. Implement robust access controls and multi-factor authentication to further reduce the risk of unauthorized access. After upgrading, verify the fix by attempting to escalate privileges using a Shared Account and confirming that the attempt is denied.
Actualice MOVEit Transfer a la versión 2023.1.12, 2024.0.8 o 2024.1.2, o una versión posterior, según corresponda. Esto solucionará la vulnerabilidad de escalada de privilegios. Consulte el aviso de seguridad del proveedor para obtener más detalles e instrucciones específicas.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-2324 is a MEDIUM severity vulnerability in Progress MOVEit Transfer allowing Shared Accounts to escalate privileges, potentially granting unauthorized access. It affects versions 2023.1.0–2024.1.2.
You are affected if you are using MOVEit Transfer versions 2023.1.0 through 2024.1.2 and have users configured as Shared Accounts.
Upgrade MOVEit Transfer to version 2024.1.2 or later to remediate the vulnerability. Consider restricting Shared Account access as a temporary workaround.
As of March 2025, there are no confirmed reports of active exploitation, but it’s prudent to patch promptly.
Refer to the Progress MOVEit Transfer security advisory for detailed information and updates: [https://www.progress.com/moveit-transfer/security-advisories](https://www.progress.com/moveit-transfer/security-advisories)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.