CVE-2025-13444

HIGH

Progress Connection Manager For Objectscale - OS Command Injection

Title source: rule

Description

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

References (4)

Scores

CVSS v3 8.4
EPSS 0.0004
EPSS Percentile 10.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-78
Status published

Affected Products (6)

progress/connection_manager_for_objectscale < 7.2.62.2
progress/ecs_connection_manager < 7.2.62.2
progress/loadmaster < 7.2.54.16
progress/loadmaster < 7.2.62.2
progress/moveit_waf
progress/multi-tenant_hypervisor < 7.1.35.15

Timeline

Published Jan 13, 2026
Tracked Since Feb 18, 2026