Platform
other
Component
kiteworks-mft
Fixed in
9.1.1
CVE-2025-53897 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Kiteworks MFT versions up to and including 9.1.0. An attacker who lures an authenticated administrator to an attacker-controlled web page can make the administrator's browser issue a request to the log endpoint, exposing log information to the attacker. The vulnerability is fixed in version 9.1.1, and users are strongly advised to upgrade.
The primary impact of CVE-2025-53897 is exposure of Kiteworks MFT log data. This is not a direct path to system compromise, but logs can reveal file transfer activity, user behaviour, internal hostnames and account names, and potentially sensitive data handled by the system, all of which an attacker can use for reconnaissance, to identify valuable assets, or to plan further attacks. Because the flaw is a CSRF, the attacker needs no credentials of their own: the forged request is sent by the administrator's browser and carries the administrator's own session cookie. What the attacker does need is an administrator with an active Kiteworks MFT session who visits the malicious page, which is why the rating is medium rather than high. The crafted page itself is trivial to build, so in environments where administrators use the same browser for Kiteworks MFT administration and general web browsing the lure is the only real obstacle.
CVE-2025-53897 was publicly disclosed on 2025-11-29. No public proof-of-concept (PoC) code has been identified at the time of writing. The CVSS score of 6.8 (MEDIUM) measures severity, not likelihood of exploitation; the EPSS score of 0.02% (around the 6th percentile) indicates a low predicted probability of exploitation in the wild, although the simplicity of CSRF attacks means a working exploit would be easy to produce once a target endpoint is known. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS Vector
The definitive mitigation for CVE-2025-53897 is to upgrade Kiteworks MFT to version 9.1.1 or later, which contains the fix. CSRF is defeated on the server side by anti-CSRF tokens, SameSite session cookies and Origin/Referer checks, and those have to be implemented in the application itself, so there is no configuration-only workaround for the vulnerable endpoint. If an immediate upgrade is not feasible, reduce the chance that an administrator's browser can be made to send the forged request: restrict the administrative interface to a management network or VPN, have administrators use a dedicated browser profile (or a dedicated workstation) for Kiteworks MFT administration that is not used for general browsing, and have them log out when finished, since without a live session cookie the forged request fails authentication. Review web access logs for requests to the log endpoint whose Origin or Referer is not the Kiteworks MFT host, or that arrive with no Referer at all, as these are the signature of a cross-site request. After upgrading, confirm the fix from an authenticated administrator session by submitting the log request from a page on a different origin (or by replaying it with a foreign Origin header and without the anti-CSRF token) and verifying that the server rejects it.
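The following Python model illustrates both the attack pattern the advisory describes and the post-upgrade check. It is an added example, not Kiteworks code: the endpoint path, cookie name, form field name and session store are hypothetical stand-ins, and the request shapes are constructed. It contrasts a handler that trusts the session cookie alone (the pre-fix pattern) with one that also enforces an Origin/Referer check and a per-session anti-CSRF token, and includes a small probe for verifying a live instance.

```python
"""CSRF model for an admin log endpoint (added example, not Kiteworks code).

All names below are assumptions: MFT_ORIGIN, LOG_ENDPOINT, the
'mft_session' cookie and the 'csrf_token' form field stand in for
whatever the real product uses.
"""
import hmac
import secrets
import urllib.error
import urllib.request
from urllib.parse import urlparse

MFT_ORIGIN = "https://mft.example.com"             # hypothetical
LOG_ENDPOINT = MFT_ORIGIN + "/admin/logs/export"   # hypothetical path

# Constructed server-side session store: session id -> anti-CSRF token.
SESSIONS = {"sess-abc123": secrets.token_hex(16)}


def session_from(request):
    """Session id carried by the cookie, or None."""
    return request.get("cookies", {}).get("mft_session")


def origin_allowed(request, allowed_origin):
    """Origin/Referer check that fails closed when neither header is present.

    Browsers attach Origin to cross-site POSTs, so a request launched from
    an attacker page carries the attacker's origin; Referer is the fallback
    for clients that omit Origin on same-site navigations.
    """
    headers = request.get("headers", {})
    origin = headers.get("Origin")
    if origin is None and "Referer" in headers:
        ref = urlparse(headers["Referer"])
        origin = f"{ref.scheme}://{ref.netloc}"
    return origin == allowed_origin


def token_valid(request, session_id):
    """Constant-time comparison of the submitted token with the session's."""
    expected = SESSIONS.get(session_id)
    submitted = request.get("form", {}).get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def vulnerable_log_view(request):
    """Pre-fix pattern: any request with a valid session cookie is served."""
    if session_from(request) in SESSIONS:
        return 200, "log data"
    return 401, "login required"


def hardened_log_view(request):
    """Fixed pattern: valid session AND same-origin AND valid token."""
    sid = session_from(request)
    if sid not in SESSIONS:
        return 401, "login required"
    if not origin_allowed(request, MFT_ORIGIN) or not token_valid(request, sid):
        return 403, "csrf check failed"
    return 200, "log data"


def forged_request():
    """Constructed: what the admin's browser sends when an attacker page
    auto-submits a form to the log endpoint. The browser attaches the
    session cookie, but the attacker cannot read or supply the token."""
    return {"headers": {"Origin": "https://attacker.example"},
            "cookies": {"mft_session": "sess-abc123"},
            "form": {}}


def legitimate_request():
    """Constructed: the same action issued from the real admin UI."""
    return {"headers": {"Origin": MFT_ORIGIN},
            "cookies": {"mft_session": "sess-abc123"},
            "form": {"csrf_token": SESSIONS["sess-abc123"]}}


def run_model():
    """Status code each handler returns for the forged and legitimate requests."""
    return {"vulnerable_forged": vulnerable_log_view(forged_request())[0],
            "hardened_forged": hardened_log_view(forged_request())[0],
            "hardened_legitimate": hardened_log_view(legitimate_request())[0]}


def probe_live(url, session_cookie):
    """Post-upgrade check against a real instance you are authorised to test:
    send the forged shape (foreign Origin, session cookie, no token) and
    return the HTTP status. Anything other than 401/403 means the endpoint
    still honours cross-site requests."""
    req = urllib.request.Request(
        url, data=b"", method="POST",
        headers={"Origin": "https://attacker.example",
                 "Cookie": f"mft_session={session_cookie}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

`run_model()` shows the vulnerable handler returning 200 for the forged request while the hardened one returns 403 and still serves the legitimate request; `probe_live(LOG_ENDPOINT, "<your session cookie>")` applies the same forged shape to a live instance after the upgrade. The Origin check deliberately fails closed when neither Origin nor Referer is present, since an absent header is exactly what a privacy-stripping proxy or an attacker-controlled referrer policy would produce.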
Update Kiteworks MFT to version 9.1.1 or higher. This version contains the fix for the CSRF vulnerability. See the release notes for more details about the update.
CVE-2025-53897 is a Cross-Site Request Forgery (CSRF) vulnerability in Kiteworks MFT versions 9.1.0 and earlier, allowing attackers to potentially access log information by tricking administrators.
Yes, if you are running Kiteworks MFT version 9.1.0 or earlier, you are affected by this vulnerability.
Upgrade Kiteworks MFT to version 9.1.1 or later to resolve this vulnerability. As an interim measure, restrict access to the administrative interface and have administrators use a separate browser profile for it.
There is currently no confirmed evidence of active exploitation, but the vulnerability's ease of exploitation warrants caution.
Refer to the official Kiteworks security advisory for detailed information and updates regarding CVE-2025-53897.