A high-severity vulnerability has been discovered in multiple Kiteworks products, which could allow an unauthenticated attacker to bypass security controls and access or manipulate sensitive files. Successful exploitation of this flaw could lead to a significant data breach, disrupting critical business operations that rely on the secure file transfer platform. Organizations are urged to apply the vendor-supplied security updates immediately to mitigate the risk of data exposure and system compromise.

This vulnerability is an authentication bypass flaw within the API responsible for managing file transfers. Due to improper validation of user session tokens, an unauthenticated remote attacker can craft a specialized HTTP request to a specific API endpoint. By manipulating certain parameters within the request, the attacker can impersonate a legitimate user, gaining unauthorized access to read, write, or delete files managed by the Kiteworks platform.

This vulnerability is rated as High severity with a CVSS score of 7.1. Exploitation could have a severe impact on the business by compromising the confidentiality and integrity of sensitive data managed by the Kiteworks MFT solution. Potential consequences include unauthorized access to proprietary information, customer data, or regulated data (e.g., PII, PHI), leading to significant regulatory fines (GDPR, HIPAA), reputational damage, and financial loss. The disruption of automated file transfer workflows could also halt critical business processes that depend on the platform.

Immediate Action: The primary remediation is to apply the security updates provided by Kiteworks across all affected systems immediately. Before deployment, test the patches in a non-production environment to ensure compatibility. After patching, review access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for exploitation attempts. This includes reviewing web server and application logs for unusual or malformed API requests, especially those directed at file access endpoints from unknown IP addresses. Implement alerts for large or anomalous data transfers and monitor for any unauthorized file modifications or deletions.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Restrict access to the Kiteworks platform at the network level, allowing connections only from trusted IP address ranges.
• Deploy a Web Application Firewall (WAF) with rules specifically configured to inspect and block malicious requests targeting the vulnerable API endpoint.
• Temporarily disable the affected API functionality if it is not critical for business operations until patching can be completed.

Public Exploit Available: false

Given the high severity (CVSS 7.1) and the critical role of the Kiteworks platform in managing sensitive data transfers, this vulnerability poses a significant risk to the organization. Although this CVE is not currently listed on the CISA KEV catalog, its potential for data exfiltration makes it a prime target for future exploitation. We strongly recommend that organizations prioritize the immediate deployment of vendor-supplied patches. If patching is delayed, compensating controls such as network segmentation and WAF implementation must be deployed as an urgent interim measure.