Full Report
Progress Software has released security patches to address a high-severity vulnerability in its MOVEit Transfer platform discovered on October 29, 2025. The flaw, tracked as CVE-2025-10932, affects the AS2 module and allows attackers to consume system resources without proper restrictions.

| Attribute | Details |
| --- | --- |
| CVE ID | CVE-2025-10932 |
| Vulnerability Type | Uncontrolled Resource Consumption (CWE-400) |
| Affected Component | Progress MOVEit Transfer […] |

The post Progress Releases Patch for MOVEit Transfer Resource Consumption Flaw appeared first on GBHackers Security.
Analysis Summary
# Vulnerability: MOVEit Transfer AS2 Module Uncontrolled Resource Consumption
## CVE Details
- CVE ID: CVE-2025-10932
- CVSS Score: 8.2 (HIGH)
- CWE: Uncontrolled Resource Consumption (CWE-400)
## Affected Systems
- Products: Progress MOVEit Transfer
- Versions:
  - 2025.0.0 through 2025.0.2
  - 2024.1.0 through 2024.1.6
  - 2023.1.0 through 2023.1.15
- Configurations: On-premises installations utilizing the AS2 module. MOVEit Cloud customers are unaffected.
## Vulnerability Description
This high-severity vulnerability resides within the **AS2 module** of Progress MOVEit Transfer. It is classified as Uncontrolled Resource Consumption (CWE-400). An unauthenticated attacker can send specially crafted requests that cause the server to consume excessive system resources, potentially leading to a Denial of Service (DoS) condition, degrading performance, or causing complete system unavailability.
## Exploitation
- Status: In-the-wild exploitation is not explicitly reported, but the lack of an authentication requirement lowers the barrier significantly.
- Complexity: Low (Requires no authentication or user interaction).
- Attack Vector: Network
## Impact
- Confidentiality: Undetermined/Low (Primary impact is availability)
- Integrity: Undetermined/Low
- Availability: High (Direct risk of Denial of Service due to resource exhaustion)
## Remediation
### Patches
Progress has released patched versions that include fixes, such as implementing IP address whitelisting logic for the AS2 module:
- MOVEit Transfer 2025.0.3 (for the 2025.0.x branch)
- MOVEit Transfer 2024.1.7 (for the 2024.1.x branch)
- MOVEit Transfer 2023.1.16 (for the 2023.1.x branch)
### Workarounds
For organizations unable to apply patches immediately:
1. **Disable the AS2 Module:** Temporarily remove specific files from the MOVEit Transfer installation directory to protect the system.
2. **IP Whitelisting:** Configure the AS2 module to only permit connections from trusted trading partner IP addresses.
## Detection
- Indicators of Compromise (IoCs): Monitor for unusual spikes in system CPU/memory usage that correlate with external HTTP/HTTPS requests to the MOVEit Transfer environment, specifically requests targeting AS2 endpoints.
- Detection methods and tools: Standard network monitoring and endpoint detection and response (EDR) tools should flag abnormally high resource utilization on MOVEit Transfer servers.
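
One way to apply the detection and IP-allowlisting guidance above to web server logs, as an added example that is not from the advisory or from Progress: it keeps requests to the AS2 endpoint, then reports sources outside the trading-partner allowlist and per-minute bursts from any single source. It assumes IIS W3C extended logs; the endpoint path, partner ranges, threshold and log lines are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Assumptions, not from the advisory: endpoint path, partner ranges, threshold.
AS2_PATH_PREFIX = "/as2-endpoint-placeholder"  # set to your AS2 receiver URL path
PARTNER_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "203.0.113.7/32")]
BURST_PER_MINUTE = 5  # requests per source per minute that warrant a look

# Constructed sample in IIS W3C extended log layout (documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2025-10-30 09:14:02 198.51.100.4 POST /as2-endpoint-placeholder 200 310
2025-10-30 09:14:40 198.51.100.4 POST /as2-endpoint-placeholder 200 295
2025-10-30 09:15:01 192.0.2.50 POST /as2-endpoint-placeholder 500 29840
2025-10-30 09:15:03 192.0.2.50 POST /as2-endpoint-placeholder 500 30112
2025-10-30 09:15:09 192.0.2.50 POST /as2-endpoint-placeholder 500 30977
2025-10-30 09:15:21 192.0.2.50 POST /as2-endpoint-placeholder 500 31250
2025-10-30 09:15:33 192.0.2.50 POST /as2-endpoint-placeholder 500 31644
2025-10-30 09:15:48 192.0.2.50 POST /as2-endpoint-placeholder 500 32001
2025-10-30 09:16:10 192.0.2.99 GET /other-page-placeholder 200 120
"""

def review_as2_requests(log_text, path_prefix=AS2_PATH_PREFIX,
                        allowed=PARTNER_NETS, burst=BURST_PER_MINUTE):
    """Return ({non-allowlisted source: hits}, [(source, minute) at or over burst])."""
    fields, unknown, per_minute = [], Counter(), Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip directives and rows seen before a #Fields header
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(path_prefix.lower()):
            continue  # not an AS2 request
        try:
            src = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue  # malformed client address
        minute = f"{row.get('date', '')} {row.get('time', '')[:5]}"
        per_minute[(str(src), minute)] += 1
        if not any(src in net for net in allowed):
            unknown[str(src)] += 1
    bursts = sorted(k for k, n in per_minute.items() if n >= burst)
    return dict(unknown), bursts

if __name__ == "__main__":
    print(review_as2_requests(SAMPLE_LOG))
```

Lining up the reported minutes against CPU and memory graphs for the same host gives the correlation the IoC bullet describes.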
## References
- Vendor Advisory: community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025