Moveit transfer

This hub aggregates every CVE we track for Moveit transfer, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Moveit transfer.

• CVE-2025-11235MOVEit Transfer REST API does not require current password in order to initiate the password change process3.7Jan 6, 2026
• CVE-2025-13147External Service Interaction (DNS)5.3Nov 19, 2025
• CVE-2025-10932AS2 module allows uncontrolled file uploads8.2Oct 29, 2025
• CVE-2025-2324A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder5.9Mar 19, 2025
• CVE-2024-6576MOVEit Transfer Privilege Escalation Vulnerability7.3Jul 29, 2024
• CVE-2024-5806MOVEit Transfer Authentication Bypass Vulnerability9.1Jun 25, 2024
• CVE-2024-2291MOVEit Transfer Logging Bypass Vulnerability4.3Mar 20, 2024
• CVE-2024-0396Missing Server-Side Input Validation in HTTP Parameter7.1Jan 17, 2024
• CVE-2023-6218MOVEit Transfer Group Admin Privilege Escalation7.2Nov 29, 2023
• CVE-2023-6217MOVEit Transfer XSS via MOVEit Gateway7.1Nov 29, 2023
• CVE-2023-42656MOVEit Transfer Reflected XSS6.1Sep 20, 2023
• CVE-2023-40043MOVEit Transfer System Administrator SQL Injection7.2Sep 20, 2023
• CVE-2023-42660MOVEit Transfer Machine Interface SQL Injection8.8Sep 20, 2023
• CVE-2023-36932In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities hav...8.1Jul 5, 2023
• CVE-2023-36934In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been ide...9.1Jul 5, 2023