Privilege escalation in Kiteworks Security-advisories

CVE-2025-53900

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for autho…

EPSS: 0.000 (11.1th percentile)

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Frequently asked questions

What is CVE-2025-53900?
CVE-2025-53900 is a medium-severity vulnerability in Kiteworks Security-advisories, classified under Privilege Defined With Unsafe Actions. CVSS score: 6.5/10. Published 2025-11-29.
How severe is CVE-2025-53900?
Medium severity. CVSS v3 base score is 6.5 out of 10.