Progress Software has disclosed and patched a high-severity vulnerability, tracked as CVE-2025-10932, affecting the AS2 module of MOVEit Transfer. The flaw impacts multiple versions, including MOVEit Transfer 2025.0.2 (17.0.2) and prior, 2024.1.6 (16.1.6) and prior, 2023.1.15 (15.1.15) and prior, as well as 2023.0 and 2024.0 and earlier releases. Security advisories urge users and administrators to review the official updates and apply necessary patches to mitigate the risk associated with this vulnerability.
The Canadian Centre for Cyber Security has also issued an alert referencing the same vulnerability, emphasizing the importance of prompt remediation. No evidence of exploitation in the wild has been reported at this time, but the critical nature of the flaw and the widespread use of MOVEit Transfer in enterprise environments make timely patching essential to prevent potential compromise.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
Progress issued a security advisory and released patches for a high-severity vulnerability in the MOVEit Transfer AS2 module, tracked as CVE-2025-10932. The advisory was published on October 31, 2025, and no earlier distinct events are described in the provided references.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.