CVE-2025-13147
📋 TL;DR
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer that allows attackers to make unauthorized requests from the vulnerable server to internal or external systems. It affects MOVEit Transfer versions before 2024.1.8 and versions 2025.0.0 through 2025.0.3. Organizations using affected versions are at risk of data exfiltration and internal network probing.
💻 Affected Systems
- Progress MOVEit Transfer
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access internal services, exfiltrate sensitive data, or pivot to other systems within the network, potentially leading to full network compromise.
Likely Case
Attackers scan internal networks, access metadata services, or make requests to internal APIs to gather information about the infrastructure.
If Mitigated
With proper network segmentation and egress filtering, impact is limited to denial of service or failed connection attempts.
🎯 Exploit Status
SSRF vulnerabilities typically require some level of access or interaction with the application, but specific exploit details are not publicly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.1.8 or 2025.0.4 or later
Vendor Advisory: https://docs.progress.com/bundle/moveit-transfer-release-notes-2024/page/Fixed-Issues-in-2024.1.8.html
Restart Required: Yes
Instructions:
1. Backup your MOVEit Transfer configuration and data.
2. Download the appropriate patch from the Progress support portal.
3. Apply the patch following vendor instructions.
4. Restart the MOVEit Transfer service.
5. Verify the update was successful.
🔧 Temporary Workarounds
Network Egress Filtering
Restrict outbound connections from MOVEit servers to only the destinations they need
Application Firewall Rules
Implement WAF rules to block SSRF patterns in requests
🧯 If You Can't Patch
- Isolate MOVEit Transfer servers in a restricted network segment with limited outbound access
- Implement strict input validation and URL filtering at the application level
🔍 How to Verify
Check if Vulnerable:
Check MOVEit Transfer version in admin interface or via version file in installation directory
Check Version:
On Windows: Check 'C:\Program Files\MOVEit\Transfer\version.txt'. On Linux: Check '/opt/MOVEit/Transfer/version.txt'
Verify Fix Applied:
Confirm version is 2024.1.8 or higher, or 2025.0.4 or higher in the admin interface
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound connection attempts from MOVEit server
- Requests to internal IP addresses or metadata services
Network Indicators:
- Unexpected outbound traffic from MOVEit servers to internal systems
- Requests to cloud metadata endpoints
SIEM Query:
source="moveit-transfer" AND (dest_ip=169.254.169.254 OR dest_ip IN [internal_ranges])
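As an added example (not part of this advisory), the log indicators above applied to constructed egress-firewall lines: connections from the MOVEit host to the cloud metadata endpoint or to internal ranges are flagged, while an allowlisted backend is not. The log format, the MOVEit server address and the allowlist are assumptions.

```python
"""Flag outbound connections from a MOVEit Transfer host that match the
SSRF indicators above: cloud metadata endpoints and internal ranges."""
import ipaddress
import re

# Constructed sample egress-firewall log lines (not real MOVEit output).
SAMPLE_LOGS = """\
2025-11-20T10:01:02Z src=10.0.5.20 dst=52.10.1.7 dport=443 proto=tcp action=allow
2025-11-20T10:01:09Z src=10.0.5.20 dst=169.254.169.254 dport=80 proto=tcp action=allow
2025-11-20T10:01:15Z src=10.0.5.20 dst=10.0.5.50 dport=1433 proto=tcp action=allow
2025-11-20T10:01:20Z src=10.0.5.20 dst=127.0.0.1 dport=9200 proto=tcp action=allow
2025-11-20T10:01:25Z src=10.0.5.21 dst=192.168.10.4 dport=445 proto=tcp action=allow
"""

MOVEIT_HOSTS = {"10.0.5.20"}  # assumed address of the MOVEit Transfer server
METADATA_IPS = {ipaddress.ip_address("169.254.169.254")}
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Destinations the server legitimately needs (assumed: its database host).
ALLOWLIST = {ipaddress.ip_address("10.0.5.50")}

LINE_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def classify(dst):
    """Return why a destination is suspicious for a MOVEit server, or None."""
    ip = ipaddress.ip_address(dst)
    if ip in METADATA_IPS:
        return "cloud-metadata"      # checked before the allowlist on purpose
    if ip in ALLOWLIST:
        return None
    if any(ip in net for net in INTERNAL_RANGES):
        return "internal"
    return None


def find_ssrf_egress(log_text, moveit_hosts=MOVEIT_HOSTS):
    """Scan log lines; return (timestamp, dst, dport, reason) for each hit."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["src"] not in moveit_hosts:
            continue                  # unparsable line or not a MOVEit host
        reason = classify(m["dst"])
        if reason:
            alerts.append((m["ts"], m["dst"], int(m["dport"]), reason))
    return alerts


if __name__ == "__main__":
    for alert in find_ssrf_egress(SAMPLE_LOGS):
        print("ALERT", *alert)
```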
🔗 References
- https://docs.progress.com/bundle/moveit-transfer-release-notes-2024/page/Fixed-Issues-in-2024.1.8.html
- https://docs.progress.com/bundle/moveit-transfer-release-notes-2025/page/Fixed-Issues-in-2025.0.4.html
- https://docs.progress.com/bundle/moveit-transfer-release-notes-2025_1/page/Fixed-Issues-in-2025.1.html