Remote Command Execution Vulnerability in OpenEdge AdminServer by Progress Software
CVE-2025-7388

8.4 HIGH

Key Information:

Status
Vendor
CVE Published: 4 September 2025

What is CVE-2025-7388?

CVE-2025-7388 is a remote command execution vulnerability in the OpenEdge AdminServer software developed by Progress Software. OpenEdge is an application development platform that organizations use to build and manage business applications. The vulnerability lets authenticated users execute arbitrary operating system commands through the Java RMI (Remote Method Invocation) interface. Because input validation is insufficient, attackers can manipulate certain configuration properties, leading to command injection under the AdminServer's authority. The risk is particularly concerning because it could allow unauthorized access to sensitive system functionality, putting organizational data and operations at greater risk.

Potential impact of CVE-2025-7388

  1. Unauthorized System Access: The vulnerability poses a direct threat as it allows authenticated users to run malicious commands on the system, potentially leading to unauthorized access and control over sensitive data and resources.

  2. Data Breaches: Exploiting this vulnerability could result in significant data breaches, where attackers gain access to confidential information stored within the system, leading to possible data theft and reputational damage.

  3. System Compromise: The ability to execute arbitrary commands can result in a complete compromise of the affected systems. This can allow attackers to install malware, disrupt services, or leverage the compromised system as a launching point for further attacks within the organization's network.

Affected Version(s)

OpenEdge (Windows): 12.2.0 < 12.2.18

OpenEdge (Windows): 12.8.0 < 12.8.8

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
