Urgent Action Required by MOVEit Automation Users
Progress Software has issued a warning to customers about a critical authentication bypass vulnerability within the MOVEit Automation application. MOVEit Automation is a managed file transfer (MFT) that serves as a central automation orchestrator for scheduling and managing file transfer between different systems, including on-premises servers, cloud storage, and third-party partners.
Remotely exploitable vulnerabilities in Internet-facing MFT applications are targeted by threat actors. Certain threat groups such as Cl0p have actively targeted enterprise-grade MFTs, mass exploiting the vulnerabilities in attacks on dozens and, in some cases, thousands of users.
The critical authentication bypass vulnerability has a CVSS v3.1 base score of 9.8 out of 10 and is tracked as CVE-2026-4670 and can be exploited by a remote attacker with no privileges in a low-complexity attack. The vulnerability affects MOVEit Automation versions prior to 2025.1.5, 2025.0.9, and 2024.1.8.
A second high-severity privilege escalation vulnerability has also been identified. The flaw, tracked as CVE-2026-5174, is due to improper input validation and has a CVSS v3.1 base score of 8.8, and affects MOVEit Automation versions from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and versions prior to 2024.0.0. The flaw can be exploited in a low complexity attack without privileges or user interaction.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Exploitation of these vulnerabilities could lead to unauthorized access to the application, and an attacker could gain administrative control and exfiltrate sensitive data. Progress Software has fixed both vulnerabilities in the latest version of the software, and users are advised to install the latest version as soon as possible to prevent exploitation. Progress Software said the only way to remediate the vulnerabilities is to upgrade to a patched release using the full installer. That will require the software to shut down to complete the upgrade.
There are around 1,440 internet-connected devices running vulnerable MOVEit Automation versions, according to a Shodan search, some of which are used by state and local government agencies. Given the extent to which vulnerabilities in MFT solutions are targeted, exploitation is highly likely, although at the time of the announcement, Progress Software had not identified any exploitation in the wild.
