- 237/2025
- High
Progress has released a security update to address several vulnerabilities affecting Progress MOVEit-Transfer and Progress Flowmon.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks or gain elevated privileges as root on the affected system during the initialization of SSH services.
The addressed vulnerabilities:
1. Progress MOVEit Transfer Uncontrolled Resource Consumption (CVE-2025-10932):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Progress Flowmon Improper File Permission (CVE-2025-11906):
- CVSS: 6.7
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privilege
Sample of the affected products:
- Progress Flowmon 12 versions prior to 12.5.6
- MOVEit Transfer 2025.0.2 (17.0.2) and earlier
- MOVEit Transfer 2023.0 and earlier or 2024.0
Vulnerabilities
- CVE-2025-10932
- CVE-2025-11906
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.