Privilege Escalation Vulnerability in Progress Flowmon Software
CVE-2025-11906

6.7MEDIUM

Key Information:

Vendor: Progress Software
Status: Flowmon
Vendor: CVE Published:; 30 October 2025

🔔 Create Progress Software Vulnerability Alert

What is CVE-2025-11906?

A vulnerability in Progress Flowmon versions prior to 12.5.6 stems from improper file permissions on certain system configuration files. This flaw allows users with access to the default Flowmon system user account, utilized for SSH access, to potentially escalate their privileges to root during the service initialization, exposing critical system functions to unauthorized control.

Affected Version(s)

Flowmon Flowmon 12 versions prior to 12.5.6

References

https://community.progress.com/s/article/Progress-Flowmon...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Oct 17, 2025

JSON