Remote Code Execution Vulnerability in Progress LoadMaster API
CVE-2025-13447

8.4HIGH

Key Information:

Vendor

Progress Software
Status
Loadmaster
Vendor
CVE Published:
13 January 2026

What is CVE-2025-13447?

The Progress LoadMaster is susceptible to an OS command injection vulnerability affecting its API. Authenticated users with 'User Administration' permissions can leverage this weakness by providing unsanitized input through API parameters, enabling them to execute arbitrary commands on the LoadMaster appliance. This can lead to unauthorized data access and control over the device, posing serious security risks. It is crucial for organizations using Progress LoadMaster to apply security patches and follow remediation steps to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LoadMaster LoadMaster Appliance 7.2.50

LoadMaster LoadMaster Appliance 7.1.32

LoadMaster LoadMaster Appliance 7.2.37

References

https://community.progress.com/s/article/LoadMaster-Vulne...
vendor-advisory
https://community.progress.com/s/article/ECS-Connection-M...
vendor-advisory
https://community.progress.com/s/article/Connection-Manag...
vendor-advisory

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alex Williams from Converge Technology Solutions working with Trend Micro Zero Day Initiative
JSON
.