{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/moveit-automation-2025.1.x/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":5.9,"id":"CVE-2026-8485"},{"cvss":5.3,"id":"CVE-2026-8486"},{"cvss":6.5,"id":"CVE-2026-8487"},{"cvss":4.3,"id":"CVE-2026-8488"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MOVEit Automation (2025.1.x)","MOVEit Automation"],"_cs_severities":["high"],"_cs_tags":["vulnerability","dos","security-bypass"],"_cs_type":"advisory","_cs_vendors":["Progress"],"content_html":"\u003cp\u003eOn May 21, 2026, CERT-FR published an advisory regarding multiple vulnerabilities in Progress MOVEit Automation. These vulnerabilities, identified by CVE-2026-8485, CVE-2026-8486, CVE-2026-8487, and CVE-2026-8488, can lead to remote denial-of-service (DoS), security policy bypass, and unspecified security compromises. The affected versions include MOVEit Automation versions 2025.1.x prior to 2025.1.7 and versions prior to 2025.0.11. Defenders should apply the patches released by Progress to mitigate these risks and ensure the confidentiality, integrity, and availability of MOVEit Automation instances.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable MOVEit Automation instance running a version prior to 2025.0.11 or 2025.1.7.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits CVE-2026-8485, CVE-2026-8486, CVE-2026-8487, or CVE-2026-8488 to gain unauthorized access.\u003c/li\u003e\n\u003cli\u003eDepending on the specific vulnerability exploited, the attacker bypasses security policies implemented within MOVEit Automation.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious requests to trigger a denial-of-service condition, impacting the availability of MOVEit Automation services.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the unspecified security vulnerability to perform unauthorized actions.\u003c/li\u003e\n\u003cli\u003eThe attacker may attempt to escalate privileges within the MOVEit Automation system.\u003c/li\u003e\n\u003cli\u003eThe attacker may attempt to access sensitive data stored or processed by MOVEit Automation.\u003c/li\u003e\n\u003cli\u003eThe attacker disrupts or disables MOVEit Automation services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to significant disruption of file transfer operations, potential data breaches, and reputational damage. Organizations relying on MOVEit Automation for critical file transfers may experience service outages, compliance violations, and financial losses. The unspecified vulnerability could potentially allow for more severe impacts, such as data exfiltration or complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch MOVEit Automation instances to version 2025.1.7 or later to remediate CVE-2026-8485, CVE-2026-8486, CVE-2026-8487, and CVE-2026-8488 as referenced in the advisory.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting MOVEit Automation endpoints to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect MOVEit Automation Security Policy Bypass Attempt\u0026rdquo; to identify potential security policy circumvention.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T12:19:33Z","date_published":"2026-05-21T12:19:33Z","id":"https://feed.craftedsignal.io/briefs/2026-05-moveit-automation-vulns/","summary":"Multiple vulnerabilities in Progress MOVEit Automation allow for remote denial of service, security policy bypass, and unspecified security issues.","title":"Multiple Vulnerabilities in Progress MOVEit Automation","url":"https://feed.craftedsignal.io/briefs/2026-05-moveit-automation-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — MOVEit Automation (2025.1.x)","version":"https://jsonfeed.org/version/1.1"}