Thursday, April 24, 2025
HomeCVE/vulnerabilityCritical Vulnerability in MOVEit Transfer Let Hackers Gain Files Access

Critical Vulnerability in MOVEit Transfer Let Hackers Gain Files Access

Published on

SIEM as a Service

Follow Us on Google News

A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerability poses significant risks to organizations relying on the software for secure data transfers.

The vulnerability is rooted in improper validation of user-supplied input during the authentication process. It can be exploited by sending specially crafted requests to the MOVEit Transfer server, bypassing authentication checks, and gaining administrative access.

The affected versions include MOVEit Transfer 2023.0.0 to 2023.0.10, 2023.1.0 to 2023.1.5, and 2024.0.0 to 2024.0.1.

- Advertisement - Google News

Progress strongly urges all MOVEit Transfer customers using the affected versions to immediately upgrade to the latest patched version. The patched versions are as follows:

  • MOVEit Transfer 2023.0.11
  • MOVEit Transfer 2023.1.6
  • MOVEit Transfer 2024.0.2

Researchers at Rapid7 confirmed they could reproduce the exploit and achieve an authentication bypass against vulnerable, unpatched versions of MOVEit Transfer and MOVEit Gateway. 

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free

Impact and Mitigation

The Improper Authentication vulnerability in MOVEit Transfer’s SFTP module can allow attackers to bypass authentication mechanisms and gain unauthorized access to the system. This could potentially lead to data breaches, theft of sensitive information, and other malicious activities.

Researchers at watchTowr initially disclosed the vulnerability and published a detailed technical analysis.

To mitigate the risk, customers are advised to upgrade to the patched versions of MOVEit Transfer using the full installer. The upgrade process will cause a system outage while running.

This vulnerability does not affect MOVEit Cloud customers, as the patch has already been deployed to the cloud infrastructure. Additionally, MOVEit Cloud is safeguarded against third-party vulnerability through strict access controls on the underlying infrastructure.

To mitigate the third-party vulnerability, Progress recommends the following steps:

  1. Verify that public inbound RDP access to MOVEit Transfer servers is blocked.
  2. Limit outbound access from MOVEit Transfer servers to only known trusted endpoints.

Progress will make the third-party vendor’s fix available to MOVEit Transfer customers once released.

Progress has acknowledged the severity of CVE-2024-5806 and is working closely with customers to ensure the vulnerability is addressed swiftly. The company has also provided detailed guidance on applying the patch and securing affected systems.

Progress encourages customers to sign up for the Progress Alert and Notification Service (PANS) to receive email notifications for future product and security updates. Customers can log into the Progress Community Portal to subscribe to PANS.

Customers can refer to Progress’s FAQ page for information and frequently asked questions about Progress Alert Notifications.

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory

A high-severity denial-of-service (DoS) vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash...

Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities

Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of...

Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score...

GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs

GitLab, a leading DevOps platform, has released a critical security patch impacting both its...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory

A high-severity denial-of-service (DoS) vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash...

Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score...

GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs

GitLab, a leading DevOps platform, has released a critical security patch impacting both its...