Vulnerabilities and Attack Vector
Progress Software has released emergency patches for MOVEit Automation after security researchers from Airbus SecLab discovered two critical vulnerabilities. The flaws include an authentication bypass (CVE-2026-4670) that allows unauthenticated attackers to access the system, and an input validation weakness (CVE-2026-5174) that enables privilege escalation to administrative rights. Both can be exploited directly through the service backend command port interfaces without any user interaction.
Affected Versions and Remediation
Multiple MOVEit Automation versions are affected, including 2025.1.4, 2025.0.8, 2024.1.7, and all earlier builds. The patched versions are 2025.1.5, 2025.0.9, and 2024.1.8 respectively. Administrators can check their current version by viewing the About section in the Web Admin dashboard. Progress Software warns that only official full installer updates close the security gaps, and a brief system outage should be expected during installation.
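As an added example (not code from Progress Software or from the original article), the script below triages a fleet inventory against the patched versions named above. It assumes version strings follow the three-part form shown in the advisory (for example 2025.1.4) and uses a constructed, hypothetical host list; the status labels are my own. Versions are compared numerically per branch rather than as strings, so a later build such as 2025.1.10 is correctly recognized as at or above the 2025.1.5 fix level.

```python
from collections import defaultdict

# First fixed build per release branch, as stated in the advisory.
PATCHED = {
    "2025.1": (2025, 1, 5),
    "2025.0": (2025, 0, 9),
    "2024.1": (2024, 1, 8),
}


def parse_version(text):
    """Parse 'YYYY.minor.build' into a tuple of ints for numeric comparison."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized MOVEit Automation version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version):
    """Classify one installed version relative to the advisory.

    Returns one of:
      'patched'             - at or above the fixed build for its branch
      'vulnerable'          - on a listed branch but below the fixed build
      'unsupported-migrate' - older than every branch that received a patch
      'unknown-branch'      - a branch the advisory does not name
    """
    v = parse_version(version)
    fixed = PATCHED.get(f"{v[0]}.{v[1]}")
    if fixed is None:
        # "All earlier builds" are affected, and unsupported lifecycles get no
        # patch; anything older than the oldest patched branch must migrate.
        if v < min(PATCHED.values()):
            return "unsupported-migrate"
        return "unknown-branch"
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory):
    """Group hosts by status so the update work can be scheduled per branch."""
    report = defaultdict(list)
    for host, version in inventory:
        try:
            status = assess(version)
        except ValueError:
            status = "unparseable"
        report[status].append(host)
    return dict(report)


# Constructed sample inventory (hypothetical hostnames, not real systems).
SAMPLE_INVENTORY = [
    ("mft-prod-01", "2025.1.4"),
    ("mft-prod-02", "2025.1.5"),
    ("mft-dr-01", "2024.1.7"),
    ("mft-legacy-01", "2023.0.2"),
    ("mft-lab-01", "2025.1.10"),
    ("mft-unknown", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:20} {', '.join(hosts)}")
```

Feed it the version each host reports in the About section of the Web Admin dashboard; hosts in the `vulnerable` bucket need the full installer update for their branch, and hosts in `unsupported-migrate` cannot be fixed in place.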
Impact and Recommended Actions
Successful exploitation could allow attackers to bypass login screens, steal sensitive files, and gain complete administrative control of the server. Organizations using MOVEit Automation should immediately update to the patched versions available through the Progress Community portal. Security teams should also review audit logs for unexpected privilege changes or anomalous backend activity. Customers running unsupported versions must migrate to a supported lifecycle release to remain protected.
Source: Cybersecuritynews