A critical authentication bypass vulnerability in Progress Software MOVEit Automation allows attackers to circumvent login requirements and gain unauthorized access.

The application contains a flaw that permits an authentication bypass, effectively allowing an attacker to access the system without valid credentials.

With a CVSS score of 9.8, this vulnerability is critical. Unauthorized access to MOVEit Automation, which is frequently used for sensitive file transfers, poses an extreme risk of data exfiltration and loss of confidentiality for all data processed by the platform.

Immediate Action: Update MOVEit Automation to the latest patched version (2025.0.9, 2024.1.8, or the latest available) immediately.

Proactive Monitoring: Review authentication and access logs for anomalous login activity or unauthorized access attempts from unexpected IP addresses.

Compensating Controls: Implement strict network access controls to limit access to the MOVEit interface to known, trusted management segments.

Public Exploit Available: Unknown

Organizations should prioritize this update. Given the nature of MOVEit as a high-value target for data theft, ensure that the patch is applied across all instances immediately.