PT-2026-2442 · Progress · Progress Loadmaster

Alex Williams

Publicado

2026-01-13

Atualizado

2026-02-02

CVE-2025-13444

CVSS v3.1

8.4

Alta

Vetor

AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Progress LoadMaster (affected versions not specified)

Description An authenticated attacker with “User Administration” permissions can execute arbitrary commands on the LoadMaster appliance. This is due to unsanitized input in the API input parameters, leading to an OS Command Injection Remote Code Execution. The issue affects the API functionality of the software.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2025-13444

ZDI-26-052

Produtos afetados

Progress Loadmaster

PT-2026-2442 · Progress · Progress Loadmaster

CVE-2025-13444

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9