HIGH🇵🇱 Wersja polska

CVE-2025-13447

CVSS 8.4v3.1pub. 2026-01-13upd. 2026-02-10

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Progress Connection Manager For Objectscale*

    APP
    Progress
    < 7.2.62.2
  • Progress Ecs Connection Manager

    APP
    Progress
    < 7.2.62.2
  • Progress Loadmaster

    APP
    Progress
    < 7.2.54.16< 7.2.62.2
  • Progress Moveit Waf

    APP
    Progress
    7.2.62.1
  • Progress Multi Tenant Hypervisor

    APP
    Progress
    < 7.1.35.15
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2024-1212CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Progress LoadMaster – nieuwierzytelnione RCE przez command injection w interfejsie zarządzania

CVE-2026-3518HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticat...

CVE-2026-3519HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticat...

CVE-2026-3517HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticat...

CVE-2026-4048HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticate...