CVE-2025-13447

Summary

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareLoadMaster7.2.50 < V7.2.62.2affected
Progress SoftwareLoadMaster7.1.32 < V7.2.62.2affected
Progress SoftwareLoadMaster7.2.37 < V7.2.62.2affected
Progress SoftwareLoadMaster7.2.39 < V7.2.62.2affected
Progress SoftwareLoadMaster7.2.50 < V7.2.54.16affected
Progress SoftwareLoadMaster7.1.32 < V7.2.54.16affected
Progress SoftwareLoadMaster7.2.37 < V7.2.54.16affected
Progress SoftwareLoadMaster7.2.39 < V7.2.54.16affected

Weaknesses

  • Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References