PT-2026-32624 · Progress · Openedge

Published 2026-04-14 · Updated 2026-04-19 · CVE-2025-7389

CVSS v4.0: 8.2 (High)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

OpenEdge (affected versions not specified)

Description

A flaw in the AdminServer component allows authenticated users to gain OS-level access to the server by adopting the authority of the AdminServer process. This allows users to read arbitrary files on the host system by misusing the setFile() and openFile() functions exposed through the Remote Method Invocation (RMI) interface, which is a mechanism that allows an object residing in one Java virtual machine to invoke methods on an object residing in another. Access is limited by the OS-level privileges granted to the AdminServer and the user's access to these methods via RMI.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2025-7389

Affected Products

Openedge