{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-53899", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-11T19:05:23.826Z", "datePublished": "2025-11-29T02:25:23.493Z", "dateUpdated": "2025-12-01T15:41:27.509Z"}, "containers": {"cna": {"title": "Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel", "problemTypes": [{"descriptions": [{"cweId": "CWE-941", "lang": "en", "description": "CWE-941: Incorrectly Specified Destination in a Communication Channel", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5"}], "affected": [{"vendor": "kiteworks", "product": "security-advisories", "versions": [{"version": "< 9.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-29T02:25:23.493Z"}, "descriptions": [{"lang": "en", "value": "Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0."}], "source": {"advisory": "GHSA-5gx5-vcpp-8cr5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-01T15:41:01.311382Z", "id": "CVE-2025-53899", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-01T15:41:27.509Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53899", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-01T15:41:01.311382Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-01T15:41:18.647Z"}}], "cna": {"title": "Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel", "source": {"advisory": "GHSA-5gx5-vcpp-8cr5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "kiteworks", "product": "security-advisories", "versions": [{"status": "affected", "version": "< 9.1.0"}]}], "references": [{"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5", "name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-941", "description": "CWE-941: Incorrectly Specified Destination in a Communication Channel"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-29T02:25:23.493Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53899", "state": "PUBLISHED", "dateUpdated": "2025-12-01T15:41:27.509Z", "dateReserved": "2025-07-11T19:05:23.826Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-11-29T02:25:23.493Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:accellion:kiteworks_managed_file_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "795C3F91-729E-4363-9C52-1C9C7CBAD284", "versionEndExcluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0."}], "id": "CVE-2025-53899", "lastModified": "2025-12-03T17:48:48.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-11-29T03:15:58.817", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory", "Patch"], "url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-5gx5-vcpp-8cr5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-941"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}