CVE-2025-53897

medium

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cxwc-7899-3h4m

Details

Source: Mitre, NVD

Published: 2025-11-29

Updated: 2025-12-01

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00015

Detections

Analytics