Description
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding.

This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Published: 2026-05-20
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Progress Software MOVEit Automation allows an attacker to allocate resources without any constraints, leading to flooding of the system and potential exhaustion of memory, CPU, or I/O. This vulnerability, identified as CWE‑770, can render the application unresponsive, denying legitimate users access and impacting business continuity.

Affected Systems

The issue affects Progress Software MOVEit Automation versions prior to 2025.0.11 and the 2025.1.0 through 2025.1.6 releases. Versions 2025.0.11 and 2025.1.7 contain the fix, as noted in the Progress release notes.

Risk and Exploitability

With a CVSS score of 5.3, the flaw represents moderate severity, and no EPSS information is available. The vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit it remotely by sending a large volume of requests or data, potentially without authentication. Such exploitation can overwhelm system resources, leading to denial of service.

Generated by OpenCVE AI on May 20, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to Moveit Automation 2025.0.11 or later
  • Update to Moveit Automation 2025.1.7 or later
  • Configure resource limits or rate‑limiting on the application to prevent flooding

Generated by OpenCVE AI on May 20, 2026 at 16:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Title Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-05-20T15:30:29.106Z

Reserved: 2026-05-13T14:50:40.357Z

Link: CVE-2026-8486

cve-icon Vulnrichment

Updated: 2026-05-20T15:30:26.495Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T16:16:27.347

Modified: 2026-05-20T17:32:35.827

Link: CVE-2026-8486

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T16:30:14Z

Weaknesses