CVE-2025-7388

Summary

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process.  An RMI interface permitted manipulation of a configuration property with inadequate input validation leading to OS command injection.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationOpenEdgeOpenEdge 12.2.0 < 12.2.18affected
Progress Software CorporationOpenEdgeOpenEdge 12.8.0 < 12.8.8affected

Weaknesses

  • CWE-77: CWE-77

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References