CVE-2025-10932— AS2 module allows uncontrolled file uploads
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-10932
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AS2 module allows uncontrolled file uploads
Source: NVD (National Vulnerability Database)
Vulnerability Description
Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module).This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Progress MOVEit Transfer 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Progress MOVEit Transfer是Progress公司的一款安全的托管文件传输应用程序。 Progress MOVEit Transfer存在资源管理错误漏洞,该漏洞源于AS2模块存在不受控制的资源消耗问题。以下版本受到影响:2025.0.0版本至2025.0.3之前版本、2024.1.0版本至2024.1.7之前版本和2023.1.0版本至2023.1.16之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Progress | MOVEit Transfer | 2025.0.0 ~ 2025.0.3 | - |
II. Public POCs for CVE-2025-10932
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-10932
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: MOVEit Transfer
- CVE-2025-11235
MOVEit Transfer REST API does not require current password i - CVE-2025-13147
External Service Interaction (DNS) - CVE-2025-2324
A MOVEit Transfer user configured as a Shared Account can ga - CVE-2024-6576
MOVEit Transfer Privilege Escalation Vulnerability - CVE-2024-5806
MOVEit Transfer Authentication Bypass Vulnerability
Same vendor: Progress
- CVE-2026-2701
RCE vulnerability in Progress ShareFile Storage Zones Contro - CVE-2026-2699
EAR vulnerability in Progress ShareFile Storage Zones Contro - CVE-2025-11235
MOVEit Transfer REST API does not require current password i - CVE-2025-13147
External Service Interaction (DNS) - CVE-2025-10703
Progress多款产品 代码注入漏洞
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2025-10932
No comments yet