Cyber Resilience

CVE-2025-53900

Medium

Published: 29 November 2025

Modified: 03 December 2025
CVSS Score (v3.1): 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0004 (11.2th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-53900 is a medium-severity Privilege Defined With Unsafe Actions (CWE-267) vulnerability in Accellion Kiteworks Managed File Transfer. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 11.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability (CVE-2025-53900) in Kiteworks MFT enables low-privileged authorized users to escalate privileges via unsafe role/permission definitions when managing Connections, directly facilitating Exploitation for Privilege Escalation (T1068).

Affected Assets

accellion / kiteworks managed file transfer, versions ≤ 9.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References