Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
The vulnerability, classified as CWE-305 (Authentication Bypass by Primary Weakness), allows an attacker to bypass the application's primary authentication mechanism without possessing any credentials. The attack is executed remotely over the network (AV:N), requires no privileges (PR:N) or user interaction (UI:N), and has low attack complexity (AC:L). The detailed technical mechanism has not been disclosed in the vendor's public bulletin.
Successful exploitation of this vulnerability may allow an attacker to gain complete control over the MOVEit Automation system, including unauthorized access to sensitive data, modification or deletion of data, and disruption of service availability (complete breach of confidentiality, integrity, and availability).
MOVEit Automation must be updated immediately to version 2025.0.9 or later (for the 2025.x branch) or to version 2024.1.8 or later (for the 2024.x branch). Detailed update instructions are available in the vendor's official security bulletin at: https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
Progress Software MOVEit Automation in versions: 2025.0.0 before 2025.0.9, 2024.0.0 before 2024.1.8, and all versions earlier than 2024.0.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HProgress Moveit Automation
APPProgress< 2024.1.82025.0.0 – 2025.1.5 (bez)
Related vulnerabilities
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. T...
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocatio...
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Se...
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allo...
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allo...