CNNVD-202511-3046 Information

CNNVD ID

CNNVD-202511-3046

Related CVE

CVE-2025-53897

• CNNVD Published: 2025-11-29

Description (Chinese)

Kiteworks Mft是美国Kiteworks公司的一个安全管理内部和外部数据传输的软件。 Kiteworks Mft 9.1.0之前版本存在跨站请求伪造漏洞，该漏洞源于管理员可能被诱导访问特制页面，导致日志信息泄露。

Description (English)

Kiteworks Mft is a software for the secure management of internal and external data transmissions by the United States company Kiteworks. The pre-Kiteworks Mft 9.1.0 version had a false gap in cross-site requests, which stemmed from the possibility that administrators might be induced to access specially designed pages, leading to the leaking of log information.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

Kiteworks

Published

2025-11-29

Last Modified

2026-02-24

References

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cxwc-7899-3h4m https://access.redhat.com/security/cve/cve-2025-53897

Patch

https://www.kiteworks.com/platform/simple/managed-file-transfer/