Home

Description

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

PUBLISHED Reserved 2025-11-19 | Published 2026-01-13 | Updated 2026-01-14 | Assigner ProgressSoftware




HIGH: 8.4CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Product status

Default status
unaffected

7.2.50 (custom) before V7.2.62.2
affected

7.2.50 (custom) before V7.2.54.16
affected

Default status
unaffected

7.2.39 (custom) before V7.1.35.15
affected

Credits

Alex Williams from Converge Technology Solutions working with Trend Micro Zero Day Initiative finder

References

community.progress.com/...ties-CVE-2025-13444-CVE-2025-13447 vendor-advisory

community.progress.com/...ties-CVE-2025-13444-CVE-2025-13447 vendor-advisory

community.progress.com/...ties-CVE-2025-13444-CVE-2025-13447 vendor-advisory

community.progress.com/...ties-CVE-2025-13444-CVE-2025-13447 vendor-advisory

cve.org (CVE-2025-13444)

nvd.nist.gov (CVE-2025-13444)

Download JSON