Cyber Web Spider Blog – News

Progress Patches MOVEit Transfer Uncontrolled Resource Consumption vulnerability

Posted on October 31, 2025 By CWS

Progress Software has released critical security patches addressing a high-severity vulnerability affecting MOVEit Transfer, a widely used enterprise file transfer solution.

The vulnerability, tracked as CVE-2025-10932, carries a CVSS score of 8.2 and affects the AS2 module across multiple product versions.

The uncontrolled resource consumption vulnerability in MOVEit Transfer's AS2 module could allow attackers to disrupt service availability by exhausting system resources.

The flaw exists in versions 2025.0.0 through 2025.0.2, 2024.1.0 through 2024.1.6, and 2023.1.0 through 2023.1.15. With a network-accessible attack vector requiring no authentication or user interaction, organizations using affected versions face significant exposure to potential service disruptions and exploitation.

MOVEit Transfer Vulnerability

The vulnerability stems from inadequate controls over resource consumption, classified under CWE-400. This class of flaws enables attackers to overwhelm systems by forcing excessive resource allocation, leading to denial-of-service conditions that impact legitimate business operations.

Progress has distributed hotfixes that mandate IP address whitelisting for the AS2 module, creating a protective barrier against unauthorized access. Organizations must take immediate action based on their specific deployment model.

For enterprises not using the AS2 module with MOVEit products, a temporary workaround involves removing the vulnerable endpoints.

Administrators should delete the AS2Rec2.ashx and AS2Receiver.aspx files from the C:\MOVEitTransfer\wwwroot directory. This simple approach requires no server restart and maintains continuity until permanent patches are applied.

For organizations actively using AS2 functionality, applying the hotfix becomes essential. After updating to the patched versions MOVEit Transfer 2025.0.3, 2024.1.7, or 2023.1.16, administrators must configure IP whitelist rules for authorized trading partners.

| Attribute | Value |
|---|---|
| CVE ID | CVE-2025-10932 |
| Product | Progress MOVEit Transfer |
| Vulnerability Type | Uncontrolled Resource Consumption |
| Affected Module | AS2 Module |
| CVSS Score | 8.2 (HIGH) |

Configuring the whitelist involves logging into MOVEit Transfer as an administrator, navigating to Settings, accessing Security Policies, and configuring Remote Access Rules to restrict AS2 module access to trusted partner IP addresses.

Progress has made fixed versions available through its Download Center for customers maintaining current maintenance agreements. The patch availability spans three major version lines, ensuring organizations can update within their supported product branch.

Customers without active maintenance agreements should contact Progress renewal services or their designated partner account representative.

Notably, Progress MOVEit Cloud customers require no immediate action, as the cloud infrastructure has already been upgraded to patched versions. However, on-premises deployments demand immediate attention to mitigate exposure.

Organizations running MOVEit Transfer versions outside these active branches should prioritize upgrading to currently supported releases or implementing the temporary AS2 endpoint removal workaround.
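The guidance above can be applied across an inventory with a short triage script. This is an added example, not code from Progress or from the original article; the host names, the inventory and the function names are constructed for illustration, while the version ranges, fixed releases and file names are those given in the article.

```python
# Added example, not Progress code. Affected ranges and fixed releases are the
# ones stated in the article; the inventory below is constructed sample data.

# (major, minor) branch -> (last affected patch level, first fixed release)
BRANCHES = {
    (2025, 0): (2, "2025.0.3"),
    (2024, 1): (6, "2024.1.7"),
    (2023, 1): (15, "2023.1.16"),
}

def parse_version(text):
    """Return (major, minor, patch); any extra build component is ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])

def triage(version, uses_as2, cloud=False):
    """Map one deployment to the action the article gives for its situation."""
    if cloud:
        return "no action: MOVEit Cloud already runs a patched version"
    major, minor, patch = parse_version(version)
    if (major, minor) not in BRANCHES:
        return ("branch not listed: upgrade to a supported release "
                "or remove the AS2 endpoints")
    last_affected, fixed = BRANCHES[(major, minor)]
    if patch > last_affected:
        return ("patched: restrict AS2 to partner IPs in Remote Access Rules"
                if uses_as2 else "patched")
    if uses_as2:
        return f"vulnerable: update to {fixed}, then whitelist partner IPs for AS2"
    return (f"vulnerable: delete AS2Rec2.ashx and AS2Receiver.aspx as a stopgap, "
            f"then update to {fixed}")

# Constructed inventory: (host, version, uses AS2, hosted on MOVEit Cloud)
INVENTORY = [
    ("mft-prod-01", "2025.0.2", True, False),
    ("mft-dr-01", "2024.1.7", False, False),
    ("mft-legacy", "2022.1.9", False, False),
    ("mft-saas", "2025.0.1", True, True),
]

def report(inventory=INVENTORY):
    return [(host, triage(ver, as2, cloud)) for host, ver, as2, cloud in inventory]

if __name__ == "__main__":
    for host, action in report():
        print(f"{host:12} {action}")
```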

The high CVSS score reflects the severity of this vulnerability and the potential business impact of service disruptions. Rapid deployment of patches represents a critical priority for security teams managing file transfer infrastructure across their enterprise environments.
