AI description
CVE-2025-7388 is a vulnerability in Progress OpenEdge AdminServer that allows for Remote Command Execution (RCE) via the Java RMI interface. Authenticated users can inject and execute OS commands with the privileges of the AdminServer process. The vulnerability stems from inadequate input validation on a configuration property, which leads to OS command injection. Specifically, the manipulation of the `workDir` parameter, passed as the `-w jvmStart` argument, allows attackers to inject OS commands by manipulating quotes within the input value. This results in arbitrary command execution with the elevated privileges of the AdminServer process.
- Description: It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property with inadequate input validation leading to OS command injection.
- Source: security@progress.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 8.4
- Impact score: 6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
- Severity: HIGH
- CWE-77 (source: security@progress.com)
- Hype score: Not currently trending
CVE-2025-7388 : Progress Software has patched a high-severity RCE flaw in OpenEdge AdminServer https://t.co/KFffxfi7c9
@freedomhack101
8 Sept 2025
CyberDudeBivash Global Vulnerability Report CVE-2025-7388 — Remote Command Injection via RMI in OpenEdge AdminServer. https://t.co/7WELSWtHqM https://t.co/CbgeJHMnqh
@Iambivash007
8 Sept 2025
🚨🚨CVE-2025-7388 (CVSS 8.4): OpenEdge AdminServer is vulnerable to Remote Code Execution (RCE) via its Java RMI interface! Authenticated users can exploit weak input validation to inject & execute OS commands with AdminServer privileges. Search by vul.cve https://t.co
@zoomeye_team
8 Sept 2025
Progress Software has patched a high-severity RCE flaw (CVE-2025-7388) in OpenEdge AdminServer. The bug allows authenticated attackers to execute commands via Java RMI. #ProgressSoftware #OpenEdge #RCE #Vulnerability #Cybersecurity https://t.co/QvLaTBSCkl
@the_yellow_fall
8 Sept 2025
Completing the Circle: The path to CVE-2025-7388 https://t.co/KpmDWlF9A6
@MCKSysAr
4 Sept 2025
CVE-2025-7388 It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS comm… https://t.co/WIww0zIhOa
@CVEnew
4 Sept 2025