Progress, the company behind MOVEit Transfer, has issued a critical security alert addressing a newly discovered vulnerability in its MOVEit Transfer product.
The flaw, CVE-2024-6576, has been classified as a high-severity issue, with a CVSS score of 7.3, indicating a significant user risk.
The vulnerability found in the SFTP module of MOVEit Transfer stems from improper authentication mechanisms that could allow attackers to escalate their privileges. This issue affects several versions of MOVEit Transfer, specifically:
How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide
Progress strongly recommends that all affected customers upgrade to the latest patched versions to mitigate this security risk. The table below outlines the fixed versions available for download:
Fixed Version | Documentation | Release Notes |
MOVEit Transfer 2024.0.3 (16.0.3) | Install and upgrade guide | Release Notes 2024.0 |
MOVEit Transfer 2023.1.7 (15.1.7) | Install and upgrade guide | Release Notes 2023.1 |
MOVEit Transfer 2023.0.12 (15.0.12) | Install and upgrade guide | Release Notes 2023.0 |
To upgrade, customers should:
If they have any questions or concerns, customers can open a new Technical Support case by logging into the Progress Community.
Those not under a current maintenance agreement are advised to contact the Progress Renewals team or their Progress partner account representative.
Progress emphasizes that upgrading to a patched release using the full installer is the only way to remediate this issue. Users will experience a system outage during the upgrade process.
Cloud customers, however, do not need to take any action as the cloud service has already been updated to the patched version.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…