GCVE-VVD-NCSC-2025-375

Advisory PublishedCVSS 5.3/10

Vulnetix · Advisory published November 21, 2025

A Server-Side Request Forgery (SSRF) vulnerability exists in Progress MOVEit Transfer, impacting versions prior to 2024.1.8 and from 2025.0.0 to before 2025.0.4.

Download JSON Open in Console

Weaknesses (CWE)

CWE-918Server-Side Request Forgery (SSRF)

Risk Scores

CVSS 3.1

5.3/10

Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions	Platforms
Progress	vers:unknown/*	—	—

Aliases

CVE-2025-13147

Transitive aliases

VVD-CISA-2025-13147 GHSA-4hw6-j957-chcw EUVD-2025-198167

References

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON