Arbitrary File Access Vulnerability in OpenEdge by Progress
CVE-2025-7389

8.2 HIGH

Key Information:

Status
Vendor
CVE Published: 14 April 2026

What is CVE-2025-7389?

A vulnerability within the AdminServer component of OpenEdge allows authenticated users to gain unauthorized OS-level access to the server. This security flaw is rooted in the misuse of the setFile() and openFile() methods via the Remote Method Invocation (RMI) interface. Users with access to these methods could potentially read arbitrary files on the host system, leveraging the elevated privileges granted to the AdminServer process. To mitigate this risk, the exploitable methods have been removed, thereby securing the RMI access pathways and protecting system integrity.

Affected Version(s)

OpenEdge Windows OpenEdge 12.2.0 <= 12.2.9

OpenEdge Windows OpenEdge 12.8.0 <= 12.2.18

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thomas Riedmaier, Siemens Energy