CVE-2025-13147 is a Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918, found in Progress MOVEit Transfer, a widely used managed file transfer solution. The vulnerability affects versions prior to 2024.1.8 and versions from 2025.0.0 up to before 2025.0.4. SSRF vulnerabilities allow attackers to manipulate the server into sending crafted HTTP requests to internal or external systems, potentially bypassing firewall restrictions and accessing sensitive internal resources that are not directly exposed to the internet. This particular SSRF flaw does not require any authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score of 5.3 indicates a medium severity, with the vector showing network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impact limited to confidentiality (C:L) without affecting integrity or availability. Although no known exploits are currently reported in the wild, the vulnerability poses a risk of internal network reconnaissance, unauthorized data access, or leveraging the server as a proxy for further attacks. MOVEit Transfer is commonly deployed in enterprise environments for secure file transfers, making this vulnerability relevant for organizations that rely on it to protect sensitive data flows. The lack of available patches at the time of reporting means organizations must monitor vendor updates closely. The vulnerability’s presence in multiple versions, including recent releases, underscores the importance of timely patch management. Network-level controls such as egress filtering and strict access controls can help mitigate exploitation risk until patches are applied.

For European organizations, the SSRF vulnerability in MOVEit Transfer could lead to unauthorized internal network scanning, exposure of sensitive internal services, or indirect access to confidential data. Since MOVEit Transfer is often used for handling sensitive file transfers in sectors like finance, healthcare, and government, exploitation could undermine data confidentiality and trust in secure communications. Although the vulnerability does not directly affect data integrity or system availability, attackers could leverage SSRF to pivot within the network, potentially escalating to more severe attacks. The medium severity score reflects limited direct damage but significant reconnaissance and information disclosure risks. Organizations with complex internal networks and insufficient segmentation are at higher risk. The absence of authentication requirements lowers the barrier for attackers, increasing the likelihood of opportunistic scanning and exploitation attempts. The impact is particularly critical for organizations subject to strict data protection regulations such as GDPR, where unauthorized data exposure can lead to regulatory penalties and reputational damage.

1. Apply patches from Progress as soon as they are released for affected MOVEit Transfer versions. 2. Until patches are available, implement strict egress filtering on MOVEit Transfer servers to restrict outbound HTTP requests only to trusted and necessary destinations. 3. Employ network segmentation to isolate MOVEit Transfer servers from sensitive internal resources, limiting the potential impact of SSRF exploitation. 4. Monitor logs and network traffic for unusual outbound requests originating from MOVEit Transfer servers, which may indicate exploitation attempts. 5. Use web application firewalls (WAFs) with SSRF detection capabilities to block suspicious requests targeting the vulnerable endpoints. 6. Conduct regular security assessments and penetration testing focused on SSRF and related vulnerabilities in file transfer systems. 7. Educate IT and security teams about SSRF risks and encourage rapid response to vulnerability disclosures affecting critical infrastructure.