CVE-2025-53896

HIGH

Kiteworks MFT <9.1.0 - Info Disclosure

Title source: llm

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0.

References (1)

[Patch, Third Party Advisory] https://github.com/kiteworks/security-advisories/security/advisories/GHSA-23h2-3jj8-58hm

Scores

CVSS v3 7.1

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-613

Status published

Products (1)

accellion/kiteworks_managed_file_transfer < 9.1.0

Published Nov 29, 2025

Tracked Since Feb 18, 2026