Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

A critical zero-day vulnerability in Progress Software's enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data.
" could lead to escalated privileges and potential unauthorized access to the environment," the company warned on Wednesday, and advised customers to take action to protect their MOVEit Transfer environment "while our team produces a patch."
"A bunch of people have alerted me to a vulnerability in MoveIT, a secure file transfer app used heavily in the UK. I did some digging and it looks like it's a zero day under active exploitation. Not 100% on threat actor yet but it may be one of the ransomware/extortion groups," says security researcher Kevin Beaumont.
According to cybersecurity specialist Daniel Card, there seem to be over 2,500 MOVEit Transfer servers discoverable on the internet, mostly in the US.

MOVEit Transfer vulnerability: What can you do?

One commenter on Reddit says that their employer was affected over the Memorial Day weekend and that a ton of files were copied from their MOVEit sites, and others are advising defenders on specific indicators of compromise to look for.
If this is confirmed, it will be the second instance of a zero-day in an enterprise managed file transfer tool being exploited by attackers this year - the first was CVE-2023-0669, a remote code execution vulnerability in Fortra's GoAnywhere solution, leveraged by the Cl0p ransomware gang.
News URL
https://www.helpnetsecurity.com/2023/06/01/moveit-transfer-vulnerability/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-06 | CVE-2023-0669 | Deserialization of Untrusted Data vulnerability in Fortra GoAnywhere Managed File Transfer. Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. | 7.2 |