PT-2025-44375 · Progress · Flowmon
Published
2025-10-30
·
Updated
2025-10-30
·
CVE-2025-11906
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Progress Flowmon versions prior to 12.5.6
Description
A flaw exists in Progress Flowmon where system configuration files have incorrect file permissions. A user with access to the default flowmon system user account used for SSH access could potentially escalate privileges to root during service initialization.
Recommendations
Update Progress Flowmon to version 12.5.6 or later.
Fix
LPE
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flowmon