This vulnerability in MOVEit Automation arises from incorrect default permissions that permit unauthorized retrieval of embedded sensitive data. It affects specific versions prior to 2025.0.11 and between 2025.1.0 and before 2025.1.7. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high confidentiality impact with no integrity or availability impact. No patch or official remediation level has been disclosed by Progress Software as of the publication date.

Successful exploitation could lead to unauthorized disclosure of sensitive embedded data within MOVEit Automation. The confidentiality impact is high, but integrity and availability are not affected. There are no known exploits in the wild currently. The vulnerability requires only low privileges and can be exploited remotely over the network without user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Progress Software advisories for updates. Until a patch is available, restrict access to MOVEit Automation instances to trusted users with minimal privileges to reduce risk.