CVE-2025-2324

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:progress:moveit_transfer::::::::
	cpe:2.3:a:progress:moveit_transfer::::::::
	cpe:2.3:a:progress:moveit_transfer::::::::

History

31 Jul 2025, 15:53

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de administración incorrecta de privilegios para usuarios configurados como cuentas compartidas en progreso MOVEit Transfer (módulo SFTP) permite la escalada de privilegios. Este problema afecta a MOVEit Transfer: desde 2023.1.0 antes de 2023.1.12, desde 2024.0.0 antes de 2024.0.8, desde 2024.1.0 antes de 2024.1.2.
References	~~() https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 -~~	() https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 - Vendor Advisory
First Time		Progress Progress moveit Transfer
CPE		cpe:2.3:a:progress:moveit_transfer::::::::

19 Mar 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 16:15

Updated : 2025-07-31 15:53

NVD link : CVE-2025-2324

Mitre link : CVE-2025-2324

CVE.ORG link : CVE-2025-2324

JSON object : View

Products Affected

progress

moveit_transfer

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2025-2324", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-19T16:15:32.867", "references": [{"url": "https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025", "tags": ["Vendor Advisory"], "source": "security@progress.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2."}, {"lang": "es", "value": "La vulnerabilidad de administraci\u00f3n incorrecta de privilegios para usuarios configurados como cuentas compartidas en progreso MOVEit Transfer (m\u00f3dulo SFTP) permite la escalada de privilegios. Este problema afecta a MOVEit Transfer: desde 2023.1.0 antes de 2023.1.12, desde 2024.0.0 antes de 2024.0.8, desde 2024.1.0 antes de 2024.1.2."}], "lastModified": "2025-07-31T15:53:41.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DB61BF7-DE68-4CA6-A12A-FDA0664EC962", "versionEndExcluding": "2023.1.12", "versionStartIncluding": "2023.1.0"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "561B8E31-75FC-413F-889B-FF98ADA77706", "versionEndExcluding": "2024.0.8", "versionStartIncluding": "2024.0.0"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D68B2ECD-7F36-47D7-82FF-6B9182876440", "versionEndExcluding": "2024.1.2", "versionStartIncluding": "2024.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@progress.com"}