Progress Software has announced the release of security updates aimed at addressing significant vulnerabilities in its MOVEit Automation software. The updates are designed to fix two key issues, including a critical flaw that could potentially allow unauthorized access through an authentication bypass.
Understanding MOVEit Automation
MOVEit Automation, previously known as Central, is a secure solution for managing file transfers within enterprise environments. It facilitates the scheduling and automation of file movement tasks without necessitating custom scripts. This feature makes it a valuable tool for businesses seeking to streamline their file management processes effectively.
Details of the Security Vulnerabilities
The critical vulnerabilities identified are CVE-2026-4670, which has a CVSS score of 9.8 and involves authentication bypass, and CVE-2026-5174, with a CVSS score of 7.7, linked to improper input validation that may lead to privilege escalation. These flaws could be exploited to gain unauthorized access and control over the system, posing significant security risks.
Progress Software has highlighted the potential outcomes of these vulnerabilities, stating that they could allow unauthorized access, administrative privileges, and potential data exposure. The vulnerabilities impact several MOVEit Automation versions, specifically versions 2025.1.4 and earlier, 2025.0.8 and earlier, and 2024.1.7 and earlier.
Immediate Actions for Users
Researchers from Airbus SecLab, Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau, were instrumental in discovering these vulnerabilities. While there are currently no known workarounds, Progress emphasizes the importance of applying the provided patches promptly to ensure system security.
Although there is no current evidence of these particular vulnerabilities being exploited in the wild, the history of similar issues in MOVEit Transfer being targeted by groups like Cl0p ransomware highlights the urgency for users to update their systems. Ensuring these updates are applied can significantly enhance protection against potential security threats.
Overall, these updates underscore the critical importance of maintaining up-to-date software to safeguard enterprise environments from emerging security threats. Users are urged to implement the updates immediately to mitigate any potential risks associated with these vulnerabilities.
