Privilege Defined With Unsafe Actions

CVE-2025-53900

Medium

6.5/10

Summary

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-267 - Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

References

Advisory Timeline

Published Nov 29, 2025

Privilege Defined With Unsafe Actions

CVE-2025-53900

Summary

CWE-267 - Privilege Defined With Unsafe Actions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS