Progress MOVEit Transfer AS2 Module Vulnerability (CVE-2025-10932) Disclosure and Patching
Progress Software has disclosed and patched a high-severity vulnerability, tracked as CVE-2025-10932, affecting the AS2 module of MOVEit Transfer. The flaw impacts multiple versions, including MOVEit Transfer 2025.0.2 (17.0.2) and prior, 2024.1.6 (16.1.6) and prior, 2023.1.15 (15.1.15) and prior, as well as 2023.0 and 2024.0 and earlier releases. Security advisories urge users and administrators to review the official updates and apply necessary patches to mitigate the risk associated with this vulnerability.
The Canadian Centre for Cyber Security has also issued an alert referencing the same vulnerability, emphasizing the importance of prompt remediation. No evidence of exploitation in the wild has been reported at this time, but the critical nature of the flaw and the widespread use of MOVEit Transfer in enterprise environments make timely patching essential to prevent potential compromise.
Timeline
Oct 31, 2025
Progress releases patches for MOVEit Transfer AS2 flaw CVE-2025-10932
Progress issued a security advisory and released patches for a high-severity vulnerability in the MOVEit Transfer AS2 module, tracked as CVE-2025-10932. The advisory was published on October 31, 2025, and no earlier distinct events are described in the provided references.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Sources
Related Stories
Critical Authentication Bypass Flaws Disclosed in Progress MOVEit Automation
Progress Software disclosed two critical vulnerabilities in **MOVEit Automation**, including **CVE-2026-4670**, an improper authentication flaw that can allow authentication bypass over the network without user interaction. The issue is rated critical with CVSS `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, indicating potential for high-impact compromise of confidentiality, integrity, and availability. Progress linked the flaw to **CWE-305** and included it in a security bulletin covering both **CVE-2026-4670** and **CVE-2026-5174**. The advisories affect multiple MOVEit Automation release branches, including versions prior to **2025.0.9**, **2024.1.8**, and releases before **2024.0.0**, with broader vendor and government guidance also referencing affected builds such as **2025.1.4 and earlier**, **2025.0.8 and earlier**, **2024.1.7 and earlier**, and **2024.0.0 and earlier**. The Canadian Centre for Cyber Security urged organizations to review the Progress bulletin and apply the required updates to mitigate exposure in internet-reachable file transfer automation environments.
2 days ago
Progress LoadMaster API Flaws Enable Authenticated OS Command Injection
Progress disclosed two high-severity OS command injection vulnerabilities in its ADC product line, including **LoadMaster**, **ECS Connection Manager**, **Object Scale Connection Manager**, and **MOVEit WAF**. The issues, tracked as `CVE-2026-3517` and `CVE-2026-3519`, affect the API and can lead to remote code execution when authenticated administrators submit unsanitized input to specific commands. Both flaws are classified as `CWE-77` and carry a `CVSS v3.1` vector of `AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H`, indicating high impact across confidentiality, integrity, and availability. `CVE-2026-3517` allows an attacker with **Geo Administration** permissions to exploit the `addcountry` command, while `CVE-2026-3519` requires **VS Administration** permissions to abuse the `aclcontrol` command. In both cases, Progress said arbitrary commands could be executed through the vulnerable API, and the vendor published an advisory covering these and related CVEs. Organizations using affected appliances should prioritize reviewing administrative access and applying vendor guidance to reduce exposure to authenticated abuse paths.
1 weeks ago
ConnectWise Automate Vulnerabilities Allowing Fake Updates and Unencrypted Communications
ConnectWise Automate, a widely used IT management platform, was found to contain two critical vulnerabilities, CVE-2025-11492 and CVE-2025-11493, which were addressed in the security update for version 2025.9. The first vulnerability, CVE-2025-11492, is rated with a CVSS score of 9.6 and arises from agents transmitting data without encryption when configured to use HTTP instead of HTTPS. This flaw allows attackers with network access to intercept or modify unencrypted communications, potentially exposing sensitive credentials or commands. The second vulnerability, CVE-2025-11493, with a CVSS score of 8.8, is due to missing integrity verification during the update process. This could enable attackers to inject malicious or tampered update files that appear legitimate, leading to unauthorized code execution on managed systems. Both vulnerabilities primarily affect on-premises deployments of ConnectWise Automate running versions prior to 2025.9. ConnectWise published a security advisory on October 16, 2025, urging customers to update to version 2025.9 to mitigate these risks. The Canadian Centre for Cyber Security also issued an alert, recommending that users and administrators review the advisories and apply the necessary updates immediately. The flaws highlight the risks associated with improper use of unsecured communication protocols and the lack of integrity checks in software update mechanisms. Organizations hosting on-premises Automate servers are particularly at risk if they have not yet applied the latest security fixes. The vulnerabilities could be exploited by attackers already present within the network, emphasizing the importance of internal network security and monitoring. The exposure of credentials or the ability to execute unauthorized code could lead to further compromise of managed endpoints. Security experts recommend that organizations not only update their ConnectWise Automate installations but also review their network configurations to ensure encrypted communications are enforced. The advisories stress the urgency of patching, as threat actors may attempt to weaponize these vulnerabilities quickly. The incident underscores the broader need for robust security practices in IT management platforms, which are often high-value targets for attackers. ConnectWise has provided detailed guidance and links to the latest advisories to assist customers in remediation. The vulnerabilities serve as a reminder of the importance of secure software development and regular security assessments for critical infrastructure tools. Organizations are advised to monitor for signs of exploitation and to implement additional controls where possible to mitigate the risk of similar vulnerabilities in the future.
1 months ago