Security vulnerability: Attackers can restrict MOVEit Transfer service
A patch closes a vulnerability in the MOVEit Transfer file transfer software.
Attackers can exploit a security vulnerability in MOVEit Transfer to disrupt file transfers. An update is available for download.
Protect instances from attacks
The developers describe the vulnerability (CVE-2025-10932, rated “high”) in a post and recommend a swift update. So far, there are no reports of attackers exploiting the vulnerability. The security issue specifically affects the AS2 module. According to the description of the vulnerability, attackers can upload malicious code and thus render the file transfer software unusable.
Versions up to and including 2023.0, 2023.1.15 (15.1.15), 2024.0, 2024.1.6 (16.1.6), and 2025.0.2 (17.0.2) are affected. The developers state that the vulnerability has been closed in the following versions:
- MOVEit Transfer 2023.1.16 (15.1.16)
- MOVEit Transfer 2024.1.7 (16.1.7)
- MOVEit Transfer 2025.0.3 (17.0.3)
Since support for 2023.0 and 2024.0 has expired and there are no more security updates, administrators must upgrade to a still-supported version. Alternatively, there is a temporary solution: to secure systems, administrators must delete the files AS2Rec2.ashx and AS2Receiver.aspx under C:\MOVEitTransfer\wwwroot.
After installing the security update, further work is required: Since the patch restricts access via a list of allowed IP addresses, administrators must manually enter the respective addresses in the settings (Settings->Security Policies->Remote Access->Default Rules). An already secured version is reportedly running in the online service MOVEit Cloud.
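As an added example (not code from the vendor or from this article), the affected and fixed builds and the temporary workaround described above can be checked with a short Python helper. The version string is supplied by the administrator, and treating 2023.0 and 2024.0 as internal branches 15.0 and 16.0 is an assumption inferred from the numbering shown above.

```python
from pathlib import Path

# Fixed patch level per supported branch, from the article (internal numbering).
FIXED = {(15, 1): 16, (16, 1): 7, (17, 0): 3}
# 2023.0 / 2024.0 as 15.0 / 16.0: assumption inferred from "2023.1.15 (15.1.15)".
NO_PATCH_BRANCHES = {(15, 0), (16, 0)}
# Files the temporary workaround deletes from the wwwroot directory.
AS2_FILES = ("AS2Rec2.ashx", "AS2Receiver.aspx")


def classify(version: str) -> str:
    """Return 'fixed', 'affected', 'affected-upgrade' or 'unknown'."""
    pieces = version.strip().split(".")
    if len(pieces) < 2 or not all(p.isdecimal() for p in pieces):
        return "unknown"
    parts = [int(p) for p in pieces] + [0]  # pad so "16.1" reads as 16.1.0
    branch, patch = (parts[0], parts[1]), parts[2]
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    # Older or expired branches get no fixed build: upgrade or apply workaround.
    if branch in NO_PATCH_BRANCHES or branch < (15, 0):
        return "affected-upgrade"
    return "unknown"  # branch not mentioned in the article


def as2_files_present(wwwroot) -> list:
    """List the AS2 endpoint files that still exist under wwwroot."""
    return [name for name in AS2_FILES if (Path(wwwroot) / name).is_file()]


def audit(version: str, wwwroot) -> dict:
    """Combine version status and workaround state for one instance."""
    status = classify(version)
    present = as2_files_present(wwwroot)
    return {
        "status": status,
        "as2_files": present,
        # Exposed: affected build and the AS2 files were not removed.
        "exposed": status.startswith("affected") and bool(present),
        # After patching, the allowed IP addresses must be entered manually.
        "allowlist_todo": status == "fixed",
    }


if __name__ == "__main__":
    # Constructed sample: version typed in by the admin, default install path.
    print(audit("16.1.6", r"C:\MOVEitTransfer\wwwroot"))
```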
MOVEit made headlines in mid-2023 because an exploited critical vulnerability had worldwide repercussions.
(des)