Urgent: Critical MOVEit Automation Flaw Allows Authentication Bypass—Patch Now
Progress Software has released an emergency security update to patch a critical vulnerability in MOVEit Automation (formerly Central) that could let attackers bypass authentication entirely. The flaw, tracked as CVE-2025-XXXXX, carries a CVSS score of 9.8 and affects all versions prior to 2025.0.3. Organizations using the file-transfer solution are urged to apply the update immediately.
The bug resides in the web interface's authentication mechanism, allowing unauthenticated remote attackers to gain full system access without credentials. “This is a classic authentication bypass that requires no user interaction—an attacker only needs network access to the vulnerable server,” explained Dr. Lena Torres, a cybersecurity researcher at VulnGuard. “We have seen active scanning for similar vulnerabilities in the past, so the window for patching is very narrow.”
Background
MOVEit Automation is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments. It is widely deployed in finance, healthcare, and government sectors to handle sensitive data transfers without custom scripts.

The vulnerability was discovered during internal security testing and reported to Progress Software on January 15. Progress confirmed the issue and began developing a fix, which was released on February 2 after rigorous validation.
What This Means
If exploited, the flaw could allow an attacker to take complete control of a MOVEit Automation server, potentially exfiltrating or corrupting sensitive data that flows through the system. “Given that MOVEit is often the backbone of file-sharing operations in large enterprises, a compromise could lead to a cascading breach,” said Torres. “This is not just a single-server risk; it could expose the entire data pipeline.”

Progress Software has provided detailed patch guidance in its security advisory. Administrators should immediately upgrade to version 2025.0.3 or apply the hotfix for older releases. No workarounds are available.
The company has not observed any active exploitation in the wild as of the advisory date, but scanning activity is expected to increase once proof-of-concept code circulates. Organizations that cannot patch immediately are advised to restrict network access to the MOVEit Automation web interface and monitor for unusual authentication attempts.
This is the second critical flaw in Progress Software's MOVEit product line in the past year, following the widely exploited 2023 vulnerability that affected MOVEit Transfer. The renewed focus on authentication security underscores the importance of rapid patch management in supply chain-critical software.
For further details, see the official advisory or contact Progress Software support.