CVE-2025-10932Uncontrolled Resource Consumption in Moveit Transfer

CWE-400Uncontrolled Resource ConsumptionCWE-117Improper Output Neutralization for Logs4 documents4 sources
Severity
8.2HIGHNVD
EPSS
0.0%
top 94.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Progress Moveit Transfer
Timeline
PublishedOct 29

Description

Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module).This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages1 packages

CVEListV5progress/moveit_transfer2025.0.02025.0.3+2

🔴Vulnerability Details

2
CVEList
AS2 module allows uncontrolled file uploads2025-10-29
GHSA
GHSA-jcfc-r24f-p75w: Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module)2025-10-29

📋Vendor Advisories

1
Microsoft
lldptool version 1.0.1 and older can print a raw unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the bu2018-08-14
CVE-2025-10932 — Uncontrolled Resource Consumption | cvebase