Progress MOVEit Transfer Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in Progress MOVEit Transfer versions prior to 2024.1.8 and in the 2025.0.0 to 2025.0.4 range. This vulnerability could lead to unnecessary DNS requests originating from the MOVEit server.

Impact

Exploitation of this vulnerability could cause the MOVEit Transfer server to make unnecessary DNS requests, potentially leading to DNS amplification or other related issues.

Remediation

Users can upgrade to MOVEit Transfer version 2024.1.8 or 2025.1 to address this vulnerability.

Added: Nov 19, 2025, 9:25 PM
Updated: Nov 19, 2025, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.