This vulnerability (CWE-770) in MOVEit Automation allows an attacker to cause resource exhaustion by allocating resources without proper limits or throttling, resulting in potential flooding conditions that degrade service availability. It affects MOVEit Automation versions prior to 2025.0.11 and versions from 2025.1.0 up to but not including 2025.1.7. The CVSS 3.1 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, no user interaction, and impact limited to availability loss. No patch or official remediation level has been disclosed by Progress Software as of the publication date.

The vulnerability can lead to denial of service conditions by exhausting system resources, impacting the availability of MOVEit Automation services. There is no impact on confidentiality or integrity. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, monitor Progress Software advisories for updates. Until a patch is available, consider implementing resource usage monitoring and throttling controls at the network or application level if feasible.