
Description

It was possible to perform Remote Command Execution (RCE) via the Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property with inadequate input validation, leading to OS command injection.

PUBLISHED Reserved 2025-07-09 | Published 2025-09-04 | Updated 2025-09-05 | Assigner ProgressSoftware




HIGH: 8.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Problem types

CWE-77

Product status

Default status: unaffected

OpenEdge 12.2.0 (custom) before 12.2.18: affected

OpenEdge 12.8.0 (custom) before 12.8.8: affected

References

community.progress.com/...ty-Update-for-OpenEdge-AdminServer

cve.org (CVE-2025-7388)

nvd.nist.gov (CVE-2025-7388)
