CVE-2025-53897 – Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability

CVE ID : CVE-2025-53897

Published : Nov. 29, 2025, 3:15 a.m. | 1 hour, 8 minutes ago

Description : Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66291 – OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments

CVE-2025-66290 – OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments

CVE-2025-66289 – OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

CVE-2025-66225 – OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow