CVE-2025-2324
Published: 19 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-2324 is an Improper Privilege Management vulnerability (CWE-269) in the SFTP module of Progress MOVEit Transfer, specifically affecting users configured as Shared Accounts and enabling privilege escalation. The issue impacts MOVEit Transfer versions from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, and from 2024.1.0 before 2024.1.2. It has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N), indicating medium severity with high confidentiality impact.
An attacker with low privileges, such as a user configured as a Shared Account, can exploit this over the network with high attack complexity but no user interaction required. Successful exploitation allows privilege escalation, potentially granting unauthorized access to sensitive data (high confidentiality impact) and limited integrity modifications.
The Progress security advisory at https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 details mitigation steps, including upgrading to patched versions 2023.1.12, 2024.0.8, or 2024.1.2 depending on the deployment.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes an improper privilege management flaw in the SFTP module allowing authenticated low-privilege Shared Account users to escalate privileges over the network, directly mapping to T1068 Exploitation for Privilege Escalation.