Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Feb 26, 2026
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster
CVE-2025-13444
Description
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters
Affected products
3- Progress Software/LoadMasterv5Range: 7.2.50
- Progress Software/Multi Tenant LoadMasterv5Range: 7.2.39
Patches
Vulnerability mechanics
References
4- community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
- community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
- community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
- community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
News mentions
0No linked articles in our index yet.