Security Alert: Critical Vulnerabilities in MOVEit – CVE-2024-5805 and CVE-2024-5806

Two critical vulnerabilities have been identified in MOVEit software components: CVE-2024-5805 in MOVEit Gateway and CVE-2024-5806 in MOVEit Transfer. Both vulnerabilities concern improper authentication mechanisms within the SFTP modules, potentially allowing unauthorized access.

CVE-2024-5805 affects MOVEit Gateway v2024.0.0 and is fixed in v2024.0.1. CVE-2024-5806 affects several versions of MOVEit Transfer, ranging from v2023.0.0 to v2024.0.2. It also affects MOVEit Cloud environments, which have already been patched.

Progress Software has issued advisories urging users to upgrade immediately to the patched releases to mitigate these security risks. The upgrade process will require a brief system downtime. No other mitigation is known at this time.

Detailed investigations and a proof-of-concept exploit for CVE-2024-5806 have been published by watchTowr Labs. Given the serious nature of these vulnerabilities, users are strongly advised to update their systems as soon as possible to prevent potential security breaches. There are reports of threat actors attempting to exploit these vulnerabilities in the wild. If you require assistance or believe you may be affected, please contact csirt@frsecure.com.

Links:

https://www.rapid7.com/blog/post/2024/06/25/etr-authentication-bypasses-in-moveit-transfer-and-moveit-gateway

https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806

https://www.helpnetsecurity.com/2024/06/25/cve-2024-5805-cve-2024-5806/


