Description
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.

This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Published: 2026-05-20
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An uncontrolled memory allocation flaw exists in Progress Software MOVEit Automation that can lead to excessive allocation of system resources. The vulnerability allows an attacker to trigger allocations that exceed expected limits, potentially exhausting available memory and rendering the system unresponsive. The impact primarily affects availability by causing service disruption; no evidence indicates a direct confidentiality or integrity compromise.

Affected Systems

The flaw affects versions of MOVEit Automation released before 2025.0.11 and those from 2025.1.0 up to but not including 2025.1.7. Users running the affected releases must consider upgrading to a fixed version to avoid the risk.

Risk and Exploitability

With a CVSS score of 5.9, the vulnerability represents a moderate risk level. No EPSS data is available, and the issue is not listed in the CISA KEV catalog. The likely attack vector is through exposed interfaces or APIs that the product makes available to external users, although this is inferred from the nature of the flaw and not explicitly detailed in the description. Attackers would need network or local access to trigger the excessive allocation, making it potentially easier to exploit than remote code execution but still significant enough to warrant prompt remediation.

Generated by OpenCVE AI on May 20, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MOVEit Automation to version 2025.0.11 or later, or to 2025.1.7 or later, where the memory allocation controls are corrected.
  • Adjust configuration settings to limit the maximum size of memory blocks that can be requested, thereby reducing the potential impact if the flaw is temporarily present.
  • Continuously monitor system memory usage for abnormal spikes and apply the latest vendor patches as soon as they become available to ensure the defect is permanently resolved.


Advisories

No advisories yet.

History

Wed, 20 May 2026 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Progress; Progress moveit Automation
CPEs | | cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*
Vendors & Products | | Progress; Progress moveit Automation

Wed, 20 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 20 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Title | | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation
Weaknesses | | CWE-789
References | |
Metrics | | cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-05-20T14:24:51.862Z

Reserved: 2026-05-13T14:50:39.764Z

Link: CVE-2026-8485

Vulnrichment

Updated: 2026-05-20T14:24:47.362Z

NVD

Status: Analyzed

Published: 2026-05-20T14:17:04.603

Modified: 2026-05-20T17:50:03.217

Link: CVE-2026-8485

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T08:15:06Z

Weaknesses