Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2324

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.

Published

2025-03-19T16:15:32.867

Last Modified

2025-07-31T15:53:41.757

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	moveit_transfer	< 2023.1.12	Yes
Application	progress	moveit_transfer	< 2024.0.8	Yes
Application	progress	moveit_transfer	< 2024.1.2	Yes

References

https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 Vendor Advisory ([email protected])