Primary

Context

Kiteworks MFT Insufficient Session Expiration Vulnerability

Vulnerability

Patched

A vulnerability exists in Kiteworks MFT versions prior to 9.1.0, where a user's active session may not time out properly due to inactivity, potentially leading to unauthorized access. This issue has been addressed in version 9.1.0.

Impact

This vulnerability can result in sessions remaining active longer than intended, increasing the risk of unauthorized access.

Remediation

Users are advised to upgrade Kiteworks MFT to version 9.1.0 or later.

Added: Nov 29, 2025, 3:25 AM

Updated: Nov 29, 2025, 3:25 AM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.0

exploitability

4.0

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.0

exploitability

4.0

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Kiteworks MFT Insufficient Session Expiration Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Kiteworks MFT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating