- Description
- OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters.
- Source
- security@progress.com
- NVD status
- Analyzed
- Products
- connection_manager_for_objectscale*, ecs_connection_manager, loadmaster, moveit_waf, multi-tenant_hypervisor
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-78
- Hype score
- Not currently trending
72 new OPEN, 91 new PRO (72 + 19) Several New RMMs, Dynamic_DNS, Lumma Stealer, ZPHP, LandUpdate808, zgRAT, and several CVEs (Quest KACE Desktop Authority -- CVE-2025-67813, Progress Software Kemp LoadMaster -- CVE-2025-13447) and more. https://t.co/YgNlZAiW2K
@ET_Labs
9 Feb 2026
⚠️ Vulnerabilities in Progress products ❗ CVE-2025-13447 ❗ CVE-2025-13444 ➡️ More info: https://t.co/dMTND6ay8O https://t.co/5RiNQ72IPl
@CERTpy
20 Jan 2026
🟠 CVE-2025-13447 - High OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary command... https://t.co/mP6n6FHkde https://t.co/LW7Mr5Lp8z
@TheHackerWire
13 Jan 2026
CVE-2025-13447 OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to exec… https://t.co/VK6tjOvX9r
@CVEnew
13 Jan 2026
In Kemp Loadmaster, the critical vulnerabilities CVE-2025-13444 and CVE-2025-13447 were patched in Dec. 2025. The details may now be made public - my addendum: https://t.co/pxklwwVSmx
@etguenni
13 Jan 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:progress:connection_manager_for_objectscale*:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9D8981F2-113F-4870-BFAF-1F92B8262EA9",
            "versionEndExcluding": "7.2.62.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:ecs_connection_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1FC15908-9A59-4CB5-8279-02F3E061AB11",
            "versionEndExcluding": "7.2.62.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ltsf:*:*:*",
            "matchCriteriaId": "CB2D26CD-AF3F-463E-913F-FC41B0F122C3",
            "versionEndExcluding": "7.2.54.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ga:*:*:*",
            "matchCriteriaId": "146A0610-9E1C-4614-9327-92D0336A82BE",
            "versionEndExcluding": "7.2.62.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:moveit_waf:7.2.62.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "7935C9E7-E371-463E-B9EF-F2F52DCE4315",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:progress:multi-tenant_hypervisor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "621720F8-C897-4CB6-BED8-687BB400D5DC",
            "versionEndExcluding": "7.1.35.15",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]