← Volver a CVEs

CVE-2025-13447

HIGH

8.4

Descripcion

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Detalles CVE

Puntuacion CVSS v3.18.4

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vector de ataqueADJACENT_NETWORK

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioNONE

Publicado1/13/2026

Ultima modificacion2/10/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

progress:connection_manager_for_objectscale*progress:ecs_connection_managerprogress:loadmasterprogress:moveit_wafprogress:multi-tenant_hypervisor

Debilidades (CWE)

CWE-78

Referencias

https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447(security@progress.com)

https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447(security@progress.com)

https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447(security@progress.com)

https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447(security@progress.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.