Description
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.

This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Published: 2026-04-30
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper input validation flaw in Progress Software's MOVEit Automation that permits an attacker to elevate privileges. By supplying crafted input, a user can gain higher-level access within the application, potentially reading or modifying sensitive data and bypassing intended security controls. This weakness is categorized as CWE‑20, affecting the integrity and confidentiality of system data.

Affected Systems

Affected are versions of MOVEit Automation from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and all releases prior to 2024.0.0. The product is provided by Progress Software.

Risk and Exploitability

The CVSS base score of 7.7 classifies the flaw as high severity. EPSS is not available, and the vulnerability is not currently listed in CISA KEV, indicating no known widespread exploitation. The flaw can be exploited by submitting malformed input to the application’s interfaces; the lack of explicit vector data means the likely attack path could involve an authenticated user with limited rights or a remote client submitting data to the service. Organizations should treat this as a high‑risk issue and act promptly.

Generated by OpenCVE AI on May 1, 2026 at 05:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest version of MOVEit Automation that fixes the input validation flaw (upgrade to 2025.1.5 or later, 2025.0.9 or later, or 2024.1.8 or later).
  • Restrict network access to the MOVEit Automation service to only trusted hosts or use firewall rules to limit exposure.
  • Enable logging and monitor for anomalous input patterns or unauthorized privilege escalations.

Generated by OpenCVE AI on May 1, 2026 at 05:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*

Fri, 01 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 01 May 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Progress
Progress moveit Automation
Vendors & Products Progress
Progress moveit Automation

Thu, 30 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Title Improper Access Control Vulnerability in Progress MOVEit Automation
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Progress Moveit Automation
cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-05-01T15:24:46.453Z

Reserved: 2026-03-30T17:29:05.971Z

Link: CVE-2026-5174

cve-icon Vulnrichment

Updated: 2026-04-30T16:08:05.188Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T16:16:44.330

Modified: 2026-05-04T16:47:30.733

Link: CVE-2026-5174

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T08:15:12Z

Weaknesses