9.1.1
CVE-2025-53897 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Kiteworks MFT versions up to and including 9.1.0. This flaw allows a malicious actor to potentially access sensitive log information by deceiving an administrator into visiting a specially crafted webpage. The vulnerability has been addressed in version 9.1.0, and users are strongly advised to upgrade.
The primary impact of CVE-2025-53897 lies in the potential exposure of Kiteworks MFT log data. While not a direct path to system compromise, access to logs can reveal valuable information about file transfer activity, user behavior, and potentially sensitive data handled by the system. An attacker could leverage this information for reconnaissance, identifying valuable assets, or planning further attacks. Because the flaw is a CSRF issue, the attacker never authenticates: the forged request rides on the administrator's existing browser session, so success depends only on tricking a logged-in administrator into loading the crafted page. This makes it a relatively easy-to-exploit vulnerability, especially in environments where administrators frequently interact with the Kiteworks MFT interface.
CVE-2025-53897 was publicly disclosed on 2025-11-29. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's CVSS score of 6.8 (MEDIUM) suggests a moderate probability of exploitation, particularly given the relatively simple nature of CSRF attacks. It is not currently listed on the CISA KEV catalog.
Organizations utilizing Kiteworks MFT for secure file transfer, particularly those running versions prior to 9.1.0, are at risk. Environments with less stringent administrator training or those lacking robust web application firewalls are especially vulnerable.
EPSS: 0.02% (6th percentile)
The definitive mitigation for CVE-2025-53897 is to upgrade Kiteworks MFT to version 9.1.0 or later, which includes the necessary fix. If an immediate upgrade is not feasible, consider implementing stricter access controls and user awareness training to minimize the risk of administrator interaction with malicious websites. While a direct workaround for CSRF is difficult, implementing robust input validation and output encoding can help prevent the exploitation of other related vulnerabilities. Regularly review Kiteworks MFT logs for any suspicious activity that might indicate a CSRF attack attempt. After upgrading, confirm the fix by attempting to trigger a log access request via a crafted URL and verifying that it fails.
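To make the mitigation and the post-upgrade check above concrete, the following is an added example of the server-side guard a defender would expect a log-export endpoint to enforce. It is not Kiteworks code and not taken from the advisory; the admin origin, the `/admin/logs/export` path, the session id and the server secret are all constructed for illustration. The guard combines an Origin/Referer allow-list with a per-session anti-CSRF token, and the `forged_get_link` case is the crafted-URL probe described above, which should be rejected after the fix.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed values for a hypothetical MFT admin interface; none of these are
# Kiteworks paths, hosts or secrets.
ALLOWED_ORIGINS = {"https://mft-admin.example"}
PROTECTED_PATHS = {"/admin/logs/export"}      # endpoints that disclose or change data
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SERVER_SECRET = b"constructed-secret-replace-in-real-deployments"


@dataclass
class Request:
    """Minimal stand-in for a web framework's request object."""
    method: str
    path: str
    session_id: str
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)   # merged form fields and query string


def issue_csrf_token(session_id: str) -> str:
    """Per-session token: HMAC of the session id under a server-side secret.
    A page on another origin cannot read the session cookie, so it can neither
    compute nor fetch this value."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(request: Request):
    """Origin header if present, else the scheme://host[:port] of the Referer."""
    origin = request.headers.get("Origin")
    if origin:
        return origin
    referer = request.headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(request: Request):
    """Return (allowed, reason). The reason is suitable for an audit log line.
    Protected paths are checked regardless of method, so a log export reached
    by a plain GET link gets no free pass."""
    if request.method in SAFE_METHODS and request.path not in PROTECTED_PATHS:
        return True, "safe method on unprotected path"
    origin = request_origin(request)
    if origin is None:
        return False, "missing Origin and Referer"
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-site origin {origin}"
    expected = issue_csrf_token(request.session_id)
    supplied = request.params.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return False, "bad or missing csrf_token"
    return True, "ok"


def demo():
    """Run constructed requests through the guard and return the decisions."""
    sid = "sess-42"
    token = issue_csrf_token(sid)
    cases = {
        # Administrator submits the export form from the real admin UI.
        "legit_export": Request("POST", "/admin/logs/export", sid,
                                {"Origin": "https://mft-admin.example"},
                                {"csrf_token": token}),
        # Auto-submitting form on a third-party page, riding the admin's session.
        "forged_post": Request("POST", "/admin/logs/export", sid,
                               {"Origin": "https://attacker.example"},
                               {"csrf_token": "guess"}),
        # Crafted link to the export URL; browser sends Referer but no Origin.
        "forged_get_link": Request("GET", "/admin/logs/export", sid,
                                   {"Referer": "https://attacker.example/page"}),
        # Right origin, but a token minted for a different session.
        "stale_token": Request("POST", "/admin/logs/export", sid,
                               {"Origin": "https://mft-admin.example"},
                               {"csrf_token": issue_csrf_token("sess-99")}),
        # Ordinary read-only page needs no token.
        "dashboard_get": Request("GET", "/admin/dashboard", sid),
    }
    return {name: csrf_check(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:16} allowed={allowed} reason={reason}")
```

The two layers are deliberately independent: the origin check stops the forged request before any token comparison, while the token still protects requests from browsers that strip the Referer and send no Origin. Every rejection returns a short reason string, which is what the "review the logs for suspicious activity" advice above needs: a burst of `cross-site origin` rejections against the log endpoint is the signal worth alerting on. Marking the session cookie `SameSite=Lax` adds a third, browser-enforced layer for the POST case.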
Upgrade Kiteworks MFT to version 9.1.0 or later. This version includes the fix for the CSRF vulnerability. See the release notes for further details on upgrading.
CVE-2025-53897 is a Cross-Site Request Forgery (CSRF) vulnerability in Kiteworks MFT versions 9.1.0 and earlier, allowing attackers to potentially access log information by tricking administrators.
Yes, if you are running Kiteworks MFT version 9.1.0 or earlier, you are affected by this vulnerability.
Upgrade Kiteworks MFT to version 9.1.0 or later to resolve this vulnerability. Consider implementing stricter access controls as an interim measure.
There is currently no confirmed evidence of active exploitation, but the vulnerability's ease of exploitation warrants caution.
Refer to the official Kiteworks security advisory for detailed information and updates regarding CVE-2025-53897.