Description
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.

This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Published: 2026-05-20
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Allocation of resources without limits or throttling in Progress Software MOVEit Automation allows attackers to trigger excessive allocation that may consume significant system resources and cause denial of service. The vulnerability is categorized as CWE-770, indicating uncontrolled resource consumption. The description explicitly states that the issue permits excessive allocation but does not detail the exact consequences beyond potential service degradation.

Affected Systems

Progress Software MOVEit Automation is affected. The vulnerability exists in all releases before 2025.0.11 and in releases from 2025.1.0 up to but not including 2025.1.7. Versions 2025.0.10 and earlier, as well as 2025.1.0 through 2025.1.6, are vulnerable, while 2025.0.11 and 2025.1.7 and later are fixed.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog, suggesting a lower likelihood of widespread exploitation. The attack vector is not explicitly stated in the data; given the nature of the flaw, it is inferred that remote or local authenticated users could invoke the vulnerable functionality to consume resources. The lack of explicit exploitation evidence implies that denial of service would require sufficient impact on system resources rather than direct compromise.

Generated by OpenCVE AI on May 20, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a fixed release such as 2025.0.11 or later, which contains the fix for this issue.
  • Configure resource limits or throttling in MOVEit Automation to prevent excessive allocation if upgrade is not immediately possible.
  • Monitor system resource usage for abnormal spikes and investigate any sudden increases to ensure the vulnerability is not being exploited.

Generated by OpenCVE AI on May 20, 2026 at 16:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Title Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-05-20T15:29:52.391Z

Reserved: 2026-05-13T14:50:42.310Z

Link: CVE-2026-8488

cve-icon Vulnrichment

Updated: 2026-05-20T15:29:49.821Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T16:16:27.580

Modified: 2026-05-20T17:32:35.827

Link: CVE-2026-8488

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T17:00:14Z

Weaknesses