Description
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.

This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Published: 2026-04-30
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper authentication flaw that lets an attacker bypass the standard login process in Progress MOVEit Automation and gain unauthorized access to the system. The weakness is classified as CWE-305 (authentication bypass by primary weakness). No additional privilege escalation or other impact details are provided in the CVE data.

Affected Systems

The affected product is Progress Software MOVEit Automation. Vulnerable releases are the 2025.0.x releases up to and including 2025.0.8, releases from 2024.0.0 through 2024.1.7, and any release before 2024.0.0.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. The EPSS score is not provided, and the vulnerability is not currently listed in CISA KEV. The description discloses no explicit attack vector; however, the ability to bypass authentication suggests a remote exploitation path through the MOVEit Automation interface. The high CVSS score means that an attacker who can exploit the flaw can gain full unauthorized access. The lack of an EPSS score or KEV listing does not reduce the urgency, as the critical severity warrants immediate attention.

Generated by OpenCVE AI on May 1, 2026 at 05:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Progress MOVEit Automation to a version that is not affected: at least 2025.0.9 or 2024.1.8. All releases before 2024.0.0 are affected.
  • After upgrading, limit access to the MOVEit Automation interface to trusted IP ranges and configure network segmentation to reduce exposure.
  • Enable and review authentication logging to detect any attempted bypasses and confirm the system operates normally post‑upgrade.


Advisories

No advisories yet.

History

Mon, 04 May 2026 18:30:00 +0000

Values added:
CPEs: cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*

Fri, 01 May 2026 08:30:00 +0000

Values added:
First Time appeared: Progress; Progress moveit Automation
Vendors & Products: Progress; Progress moveit Automation

Thu, 30 Apr 2026 16:30:00 +0000

Values added:
Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 15:45:00 +0000

Values added:
Description: Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Title: Improper Authentication vulnerability in Progress MOVEit Automation
Weaknesses: CWE-305
References
Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-05-01T03:55:57.784Z

Reserved: 2026-03-23T18:04:32.645Z

Link: CVE-2026-4670

Vulnrichment

Updated: 2026-04-30T16:06:24.172Z

NVD

Status: Analyzed

Published: 2026-04-30T16:16:44.167

Modified: 2026-05-04T18:20:39.803

Link: CVE-2026-4670

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T08:15:12Z

Weaknesses