OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster

8.4 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Basic Information

ID CVE-2025-13444

Source ProgressSoftware

Published Jan 13, 2026 at 14:26

Affected Product

Vendor Progress Software

Product LoadMaster

Version 7.2.50

Affected Versions Progress Software LoadMaster 7.2.50
Progress Software LoadMaster 7.2.50
Progress Software Multi Tenant LoadMaster 7.2.39

CWE Classification

References

{
    "lastseen": "",
    "description": "OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with \u201cUser Administration\u201d permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters",
    "published": "2026-01-13T14:26:50.661Z",
    "modified": "2026-01-13T14:26:50.661Z",
    "type": "cve",
    "title": "OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster",
    "source": "ProgressSoftware",
    "references": "https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447\nhttps://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447\nhttps://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447\nhttps://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447",
    "id": "CVE-2025-13444",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Progress Software LoadMaster 7.2.50\nProgress Software LoadMaster 7.2.50\nProgress Software Multi Tenant LoadMaster 7.2.39",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LoadMaster",
    "version": "7.2.50",
    "vendor": "Progress Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster_CVE-2025-13444