Overview
CVE-2025-13147 is a Server-Side Request Forgery (SSRF) vulnerability affecting Progress MOVEit Transfer. This vulnerability could allow an attacker to force the MOVEit Transfer server to make requests to unintended locations, potentially exposing sensitive internal resources or facilitating further attacks.
This issue affects MOVEit Transfer versions prior to 2024.1.8 and versions from 2025.0.0 before 2025.0.4.
Technical Details
A Server-Side Request Forgery (SSRF) vulnerability occurs when a web application allows an attacker to control the destination of requests made by the server. In the context of MOVEit Transfer, a successful exploit could enable an attacker to:
- Scan internal network resources.
- Access internal services not directly exposed to the internet.
- Potentially read sensitive data from internal systems.
- In some cases, execute arbitrary code on internal servers, depending on the nature of the targeted internal service.
The specific mechanism by which this SSRF is triggered within MOVEit Transfer has not been publicly detailed, but the likely underlying cause is the server trusting user-supplied input that is used to build outbound URLs or request parameters.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) provides a standardized way to assess the severity of vulnerabilities. CVE-2025-13147 has been assigned a CVSS score of 5.3 (MEDIUM). This score reflects the potential for exploitation and the impact on confidentiality, integrity, and availability.
Possible Impact
The impact of a successful SSRF exploit can be significant:
- Data Breach: Access to internal resources could lead to the exposure of sensitive data, including user credentials, financial information, and proprietary business data.
- Internal Reconnaissance: Attackers can use the vulnerability to map the internal network and identify further attack vectors.
- Denial of Service (DoS): In some cases, the vulnerability can be used to overload internal services, leading to a denial of service.
- Lateral Movement: Gaining access to internal systems can provide a foothold for attackers to move laterally within the network.
Mitigation and Patch Steps
The primary mitigation step is to upgrade your MOVEit Transfer instance to a patched version. Progress has released updates that address this vulnerability. Specifically, upgrade to:
- Version 2024.1.8 or later
- Version 2025.0.4 or later
Always follow Progress’s recommended upgrade procedures, including backing up your system before applying any patches.
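The affected ranges stated above and the two fixed releases are easy to misread during patch triage (a 2025.0.x build is not "newer than 2024.1.8" in the sense that matters). The following added example, not tooling from Progress or from this advisory, encodes exactly those ranges so an inventory of MOVEit Transfer version strings can be checked; the host names and version strings in it are constructed sample data.

```python
"""Triage helper for CVE-2025-13147: is a MOVEit Transfer build in an affected range?

Affected, per the advisory:
  * every version prior to 2024.1.8
  * versions from 2025.0.0 before 2025.0.4
Fixed: 2024.1.8 or later, 2025.0.4 or later.
"""
from __future__ import annotations
import re

_FIXED_2024 = (2024, 1, 8)   # first fixed release on the 2024 train
_FIXED_2025 = (2025, 0, 4)   # first fixed release on the 2025 train


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'YYYY.minor.patch' (e.g. '2025.0.3'); a missing patch counts as 0.
    Raises ValueError for anything that is not a dotted numeric version."""
    m = re.fullmatch(r"\s*(\d{4})\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    year, minor, patch = m.groups()
    return int(year), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the two advisory-stated ranges."""
    v = parse_version(version)
    if v < _FIXED_2024:
        return True            # anything older than 2024.1.8, including 2023.x builds
    if (2025, 0, 0) <= v < _FIXED_2025:
        return True            # 2025.0.0 through 2025.0.3
    # 2024.1.8+, 2025.0.4+, or a release train the advisory does not list:
    # reported as not affected here; confirm against the vendor bulletin.
    return False


def recommended_fix(version: str) -> str | None:
    """Fixed release for the caller's train, or None when the build is not affected."""
    if not is_affected(version):
        return None
    return "2025.0.4" if parse_version(version)[0] >= 2025 else "2024.1.8"


def triage(inventory: dict[str, str]) -> dict[str, str | None]:
    """Map host -> release to upgrade to (None when already outside the affected ranges)."""
    return {host: recommended_fix(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts
    sample = {"mft-01": "2024.1.7", "mft-02": "2024.1.8", "mft-03": "2025.0.3",
              "mft-04": "2025.0.4", "mft-05": "2023.1.2"}
    for host, fix in triage(sample).items():
        print(f"{host}: {'upgrade to ' + fix if fix else 'not in affected range'}")
```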
