Kiteworks MFT Privilege Escalation Vulnerability via Intercepted Communication Channel

Vulnerability

A vulnerability exists in Kiteworks MFT versions prior to 9.1.0, where an incorrectly specified destination in a communication channel allows an attacker with administrative privileges to intercept upstream communications. This interception could lead to unauthorized privilege escalation.

Impact

Exploitation of this vulnerability could allow an attacker with administrative privileges to intercept communications and escalate privileges further.

Remediation

Users are advised to upgrade Kiteworks MFT to version 9.1.0 or later.

Added: Nov 29, 2025, 3:24 AM
Updated: Nov 29, 2025, 3:24 AM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 1.3
exploitability: 4.5
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.