Progress Software has released important security updates to fix two serious vulnerabilities in MOVEit Automation, a widely used managed file transfer (MFT) solution in enterprise environments. One of these flaws is critical and could allow attackers to bypass authentication, making it a major cybersecurity concern for organizations relying on the platform.
This update is especially important for businesses that depend on automated file transfer systems to handle sensitive data, as the vulnerabilities could lead to unauthorized access, privilege escalation, and potential data exposure.
MOVEit Automation (previously known as Central) is a secure, server-based MFT solution designed to automate file transfers across systems without requiring custom scripts. It is commonly used by enterprises to streamline workflows, ensure compliance, and securely manage data movement between internal and external systems.
Due to its critical role in handling sensitive data, any vulnerability in this platform can pose significant risks.
Progress Software has addressed two key vulnerabilities:
- CVE-2026-4670 (CVSS Score: 9.8)
This is a critical authentication bypass vulnerability. Attackers could exploit this flaw to gain access to the system without valid credentials. In simple terms, it allows unauthorized users to log in as if they were legitimate users. - CVE-2026-5174 (CVSS Score: 7.7)
This is a high-severity improper input validation vulnerability. It could allow attackers to escalate privileges, meaning a normal user could gain administrative-level access.
According to Progress Software, these vulnerabilities exist in the backend service command port interfaces. If exploited, attackers could take control of the system, access sensitive data, or disrupt operations.
The vulnerabilities impact the following versions of MOVEit Automation:
- Versions ≤ 2025.1.4 (fixed in 2025.1.5)
- Versions ≤ 2025.0.8 (fixed in 2025.0.9)
- Versions ≤ 2024.1.7 (fixed in 2024.1.8)
Organizations using any of these versions should upgrade immediately to the patched releases.
One critical point highlighted in the advisory is that there are no temporary workarounds to mitigate these vulnerabilities. This means applying the official patches is the only effective way to secure affected systems.
The vulnerabilities were discovered and responsibly disclosed by security researchers from Airbus Security Lab. The team includes:
- Anaïs Gantet
- Delphine Gourdou
- Quentin Liddell
- Matteo Ricordeau
Their findings helped Progress Software address the issues before they could be widely exploited.
Even though Progress Software has not confirmed active exploitation of these vulnerabilities, the risk remains high. Historically, similar vulnerabilities in MOVEit Transfer have been targeted by ransomware groups like Cl0p ransomware group.
These past incidents show how quickly attackers can weaponize flaws in file transfer software to launch large-scale attacks, steal data, and demand ransom payments.
Given this history, organizations should treat these new vulnerabilities as a serious threat and act quickly.
To protect your systems and data, follow these steps:
1. Update Immediately
Install the latest patched versions of MOVEit Automation without delay.
2. Review Access Logs
Check for any unusual login activity or unauthorized access attempts, especially around backend interfaces.
3. Restrict Network Access
Limit access to the service backend command ports to trusted IP addresses only.
4. Apply Security Best Practices
Use strong authentication methods, including multi-factor authentication (MFA), and regularly audit user privileges.
5. Monitor Threat Intelligence
Stay updated on any new developments or reports of exploitation related to these vulnerabilities.
The release of patches for these critical vulnerabilities in MOVEit Automation is a reminder of the importance of proactive cybersecurity measures. Authentication bypass and privilege escalation flaws are among the most dangerous types of vulnerabilities, as they can give attackers full control over systems.
Organizations should not delay patching, especially given the history of attacks targeting file transfer solutions. Keeping systems updated, monitoring activity, and following security best practices are essential steps to reduce risk.
By acting quickly, businesses can protect their data, maintain compliance, and avoid becoming the next target of cybercriminals.
Interesting Article : Windows 11 Gets Smarter App Management with New Uninstall Policy