CVE-2025-2324

Medium

Published: 19 March 2025

Published

19 March 2025

Modified

31 July 2025

KEV Added

—

Patch

—

CVSS Score 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS Score 0.0010 26.6th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2324 is a medium-severity Improper Privilege Management (CWE-269) vulnerability in Progress Moveit Transfer. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 26.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the Improper Privilege Management flaw in MOVEit Transfer's SFTP module by requiring timely remediation through patching to versions 2023.1.12, 2024.0.8, or 2024.1.2.

AC-6 Least Privilege good match

prevent

Enforces least privilege to counter improper privilege management in shared accounts, preventing escalation to unauthorized access levels.

AC-2 Account Management partial match

prevent

Provides proper account management for shared accounts in MOVEit Transfer, reducing configurations susceptible to privilege escalation exploits.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The CVE describes an improper privilege management flaw in the SFTP module allowing authenticated low-privilege Shared Account users to escalate privileges over the network, directly mapping to T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2.

Deeper analysisAI

CVE-2025-2324 is an Improper Privilege Management vulnerability (CWE-269) in the SFTP module of Progress MOVEit Transfer, specifically affecting users configured as Shared Accounts and enabling privilege escalation. The issue impacts MOVEit Transfer versions from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, and from 2024.1.0 before 2024.1.2. It has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N), indicating medium severity with high confidentiality impact.

An attacker with low privileges, such as a user configured as a Shared Account, can exploit this over the network with high attack complexity but no user interaction required. Successful exploitation allows privilege escalation, potentially granting unauthorized access to sensitive data (high confidentiality impact) and limited integrity modifications.

The Progress security advisory at https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 details mitigation steps, including upgrading to patched versions 2023.1.12, 2024.0.8, or 2024.1.2 depending on the deployment.