
Unveiling Additional Vulnerabilities in MOVEit, a Year After 2023's Mishap

Exploitation attempts have been noted, but active exploitation has yet to be observed, according to software vendors and researchers. Coming as a follow-up to the series of attacks on MOVEit last year, this has increased concerns.

A new zero-day vulnerability, CVE-2023-34362, has been identified in Progress Software's MOVEit Transfer service. This vulnerability has been actively exploited since around May 27, 2025, primarily by the Clop ransomware group to steal sensitive data, particularly personally identifiable information (PII), from multiple organizations' customer databases.

The potential impact on data security is severe. The vulnerability allows threat actors to take control of MOVEit Transfer systems remotely, a significant concern given that many instances run in cloud environments. This enables attackers to execute breaches at scale and speed without physical access.

Exploitation has led to multiple waves of data breaches affecting a broad range of industries, including government entities, healthcare, and IT companies. Given the widespread use of MOVEit Transfer and its cloud version, the attackers have been able to launch attacks with ease, causing significant reputational and compliance consequences for victims.

Because the flaw impacts all versions of MOVEit Transfer and allows near-instantaneous data exfiltration across multiple organizations, the risk extends beyond isolated incidents to a systemic threat against businesses relying on this file transfer software.

Progress Software issued patches in late May 2025, but incomplete patch application has left many vulnerable. It is crucial for businesses using MOVEit Transfer to ensure that their systems are up to date to mitigate the risk posed by this vulnerability.

In summary, CVE-2023-34362 in MOVEit Transfer represents a critical remote code execution and data theft vulnerability that has facilitated large-scale ransomware-driven data breaches, threatening the confidentiality and integrity of sensitive organizational data worldwide.

  1. The Clop ransomware group has been utilizing the identified zero-day vulnerability, CVE-2023-34362, in Progress Software's MOVEit Transfer service for data theft, particularly focusing on personally identifiable information (PII) from various organizations.
  2. The vulnerability presents a significant concern in data and cloud computing environments, as it allows threat actors to take remote control of MOVEit Transfer systems, leading to breaches at scale and speed without physical access.
  3. General-news outlets and crime-and-justice publications have reported on multiple waves of data breaches affecting industries like government entities, healthcare, and IT companies due to this vulnerability.
  4. Technology experts suggest that businesses using MOVEit Transfer ensure their systems are updated with the patches issued by Progress Software in late May 2025 to reduce the risk of exploitation, as incomplete patch application has left many organizations vulnerable.
