This section outlines issues tracked and fixed by the MOVEit product team for the 2025.0.8 Hotfix.
Note: See the What's New section for a broader summary of features and improvements.

ID

Category

Fixed Issue

101048 Security, Uploader CVE-2026-8801: Fixed an issue that could allow file extension restrictions to be bypassed.
102567 UI, Security Fixed issue where end-users can view host permit lists.
102637 REST, Security Fixed issue where end-users can query feature flag values.
104125 SFTP, Performance CVE-2026-10699: Fixed memory leak in MOVEit SFTP service.
104590 Reports, Security CVE-2026-10698: Fixed issue where AuditUser could escalate privileges from Custom Reports module.
104690 Ad Hoc, Security CVE-2026-11903: Fixed XSS vulnerability in Ad Hoc module.