Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Feb 26, 2026
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster
CVE-2025-13447
Description
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters
Affected products
2- Progress Software/LoadMasterv5Range: 7.2.50
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
- community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
- community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
- community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447mitrevendor-advisory
News mentions
0No linked articles in our index yet.