Forum Discussion
CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability
On June 25, Progress published an advisory for a vulnerability in MOVEit Transfer, a secure managed file transfer (MFT) solution. CVE-2024-5806 is an authentication bypass vulnerability affecting the SSH File Transfer Protocol (SFTP) module in Progress MOVEit Transfer. According to the advisory, this vulnerability is only exploitable in “limited scenarios”; however, no further information was available on what those scenarios may be. A technical analysis of this vulnerability by researchers at watchTowr provides more analysis on how they recreated the vulnerability, and we recommend reviewing their blog post for additional insight and indicators of compromise (IoCs) for defenders.
Given the mass exploitation of MOVEit Transfer in the past, we highly recommend taking action to patch this vulnerability as soon as possible.
For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.