CVE-2025-53900
Published: 29 November 2025
Summary
CVE-2025-53900 is a medium-severity Privilege Defined With Unsafe Actions (CWE-267) vulnerability in Accellion Kiteworks Managed File Transfer. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its exploit likelihood ranks at the 11.2 percentile (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199895
Vulnerability details
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT when managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability (CVE-2025-53900) in Kiteworks MFT enables low-privileged authorized users to escalate privileges via unsafe role/permission definitions when managing Connections, directly facilitating Exploitation for Privilege Escalation (T1068).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.