8.4
CVE-2025-13447
- EPSS 0.3%
- Veröffentlicht 13.01.2026 14:31:56
- Zuletzt bearbeitet 14.01.2026 16:26:00
- Quelle security@progress.com
- CVE-Watchlists
- Unerledigt
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerProgress Software
≫
Produkt
LoadMaster
Default Statusunaffected
Version <
V7.2.62.2
Version
7.2.50
Status
affected
Version <
V7.2.62.2
Version
7.1.32
Status
affected
Version <
V7.2.62.2
Version
7.2.37
Status
affected
Version <
V7.2.62.2
Version
7.2.39
Status
affected
Version <
V7.2.54.16
Version
7.2.50
Status
affected
Version <
V7.2.54.16
Version
7.1.32
Status
affected
Version <
V7.2.54.16
Version
7.2.37
Status
affected
Version <
V7.2.54.16
Version
7.2.39
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.531 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@progress.com | 8.4 | 1.7 | 6 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|