OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster

8.4 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Basic Information

ID CVE-2025-13447

Source ProgressSoftware

Published Jan 13, 2026 at 14:31

Affected Product

Vendor Progress Software

Product LoadMaster

Version 7.2.50

Affected Versions Progress Software LoadMaster 7.2.50
Progress Software LoadMaster 7.1.32
Progress Software LoadMaster 7.2.37
Progress Software LoadMaster 7.2.39
Progress Software LoadMaster 7.2.50
Progress Software LoadMaster 7.1.32
Progress Software LoadMaster 7.2.37
Progress Software LoadMaster 7.2.39

CWE Classification

References

{
    "lastseen": "",
    "description": "OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with \u201cUser Administration\u201d permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters",
    "published": "2026-01-13T14:31:56.911Z",
    "modified": "2026-01-13T14:31:56.911Z",
    "type": "cve",
    "title": "OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster",
    "source": "ProgressSoftware",
    "references": "https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447\nhttps://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447\nhttps://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447\nhttps://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447",
    "id": "CVE-2025-13447",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Progress Software LoadMaster 7.2.50\nProgress Software LoadMaster 7.1.32\nProgress Software LoadMaster 7.2.37\nProgress Software LoadMaster 7.2.39\nProgress Software LoadMaster 7.2.50\nProgress Software LoadMaster 7.1.32\nProgress Software LoadMaster 7.2.37\nProgress Software LoadMaster 7.2.39",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LoadMaster",
    "version": "7.2.50",
    "vendor": "Progress Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster_CVE-2025-13447