anonhaven
Ad

CVE-2025-11235

HIGH CVSS 3.1: 7.5 EPSS 0.03%
Updated Feb 03, 2026
Progress
Parameter Value
CVSS 7.5 (HIGH)
Affected Versions 2022.0.0 — 2023.1.3
Fixed In 2022.0.10
Type CWE-620
Vendor Progress
Public PoC No

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-620

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Progress Moveit_Transfer
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
 2022.0.0 2022.0.10
Progress Moveit_Transfer
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
 2022.1.0 2022.1.11
Progress Moveit_Transfer
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
 2023.0.0 2023.0.8
Progress Moveit_Transfer
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
 2023.1.0 2023.1.3

References 1

https://docs.progress.com/bundle/moveit-transfer-release-notes-2023_1/page/Fixe…
security@progress.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3692

Progress

8.7

CVE-2026-2878

Progress

5.9

CVE-2025-10703

Progress

8.6

CVE-2025-10702

Progress

8.6

CVE-2024-6097

Progress

5.3