- Description
- OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters
- Source
- security@progress.com
- NVD status
- Analyzed
- Products
- connection_manager_for_objectscale, ecs_connection_manager, loadmaster, moveit_waf, multi-tenant_hypervisor
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-78
⚠️ Vulnerabilities in Progress products ❗ CVE-2025-13447 ❗ CVE-2025-13444 ➡️ More info: https://t.co/dMTND6ay8O https://t.co/5RiNQ72IPl
@CERTpy
20 Jan 2026
Progress patches high-severity RCE flaws (CVE-2025-13444/47) in LoadMaster & MOVEit WAF. Update UI/API endpoints immediately to prevent command injection. #ProgressSoftware #LoadMaster #CyberSecurity #CVE202513444 #RCE #MOVEit #InfoSec #PatchNow https://t.co/bhXtFm46Ts
@the_yellow_fall
15 Jan 2026
🟠 CVE-2025-13444 - High OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary command... https://t.co/iXyaZ0nARD https://t.co/nTLdmjfanq
@TheHackerWire
13 Jan 2026
CVE-2025-13444 OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to exec… https://t.co/s8vYoksdE8
@CVEnew
13 Jan 2026
In Kemp Loadmaster, the critical vulnerabilities CVE-2025-13444 and CVE-2025-13447 were patched in Dec. 2025. The details may now be made public - my addendum: https://t.co/pxklwwVSmx
@etguenni
13 Jan 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:progress:connection_manager_for_objectscale:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7052639-332E-4077-BE5A-60B87A964E10",
            "versionEndExcluding": "7.2.62.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:ecs_connection_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1FC15908-9A59-4CB5-8279-02F3E061AB11",
            "versionEndExcluding": "7.2.62.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ltsf:*:*:*",
            "matchCriteriaId": "CB2D26CD-AF3F-463E-913F-FC41B0F122C3",
            "versionEndExcluding": "7.2.54.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ga:*:*:*",
            "matchCriteriaId": "146A0610-9E1C-4614-9327-92D0336A82BE",
            "versionEndExcluding": "7.2.62.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:moveit_waf:7.2.62.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "7935C9E7-E371-463E-B9EF-F2F52DCE4315",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:multi-tenant_hypervisor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "621720F8-C897-4CB6-BED8-687BB400D5DC",
            "versionEndExcluding": "7.1.35.15",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]