Progress MOVEit Transfer
Easy fix5 remedies
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*
Easy fix5 remedies
- >= 2025.0.0, < 2025.0.3
- >= 2024.1.0, < 2024.1.7
- >= 2023.1.0, < 2023.1.16
Progress MOVEit Transfer Uncontrolled Resource Consumption Vulnerability in AS2 Module
Vulnerability
Patched
A high-severity uncontrolled resource consumption vulnerability has been identified in the AS2 module of Progress MOVEit Transfer. This issue affects multiple versions: 2025.0.0 prior to 2025.0.3, 2024.1.0 prior to 2024.1.7, and 2023.1.0 prior to 2023.1.16.
Impact
Exploitation of this vulnerability can lead to uncontrolled resource consumption, potentially causing a denial-of-service condition on the affected system.
Remediation
A hotfix has been released for MOVEit Transfer that requires IP addresses to be whitelisted for AS2 module use. Customers not using AS2 should temporarily remove AS2 endpoints by deleting specific files from the MOVEit Transfer installation directory. For those using AS2, the hotfix should be applied and the IP addresses of AS2 trading partners added to the AS2 whitelist. Instructions for downloading the hotfix are available for customers with a current maintenance agreement.
Added: Oct 29, 2025, 3:20 PM
Updated: Oct 29, 2025, 3:20 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
2.5exploitability
7.6remediation
8.3relevance
0.8threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.