Kiteworks MFT Cross-Site Request Forgery Vulnerability Allowing Log Information Access

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Kiteworks MFT versions prior to 9.1.0. This vulnerability could enable an external attacker to access log information by deceiving an administrator into visiting a specially crafted fake page within Kiteworks MFT.

Impact

Exploitation of this vulnerability could lead to unauthorized access to log information from the affected system.

Remediation

Users are advised to upgrade Kiteworks MFT to version 9.1.0 or later.

Added: Nov 29, 2025, 3:25 AM
Updated: Nov 29, 2025, 3:25 AM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 0.6
exploitability: 6.5
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.