Progress LoadMaster OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in Progress LoadMaster. It can be exploited by authenticated users and is present in LoadMaster versions 7.2.55.0 through 7.2.60.1 (inclusive), 7.2.49.0 through 7.2.54.12 (inclusive), 7.2.48.12 and all prior versions, as well as LoadMaster Multi-Tenant Hypervisor 7.1.35.12 and all prior versions. The root cause is improper input validation: an authenticated user can execute arbitrary system commands by sending crafted HTTP requests through the management interface.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary system commands on the LoadMaster appliance.

Remediation

To address this vulnerability, users should upgrade to LoadMaster version 7.2.61.0 (GA), 7.2.54.13 (LTSF) or 7.1.35.13 (GA). Instructions for upgrading LoadMaster firmware are available in the LoadMaster Upgrade Firmware Knowledge Base article.
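The following Python check is an added example, not code from Progress or from the original page: it classifies inventory versions against the affected ranges and fixed releases listed above. The product labels `LM` and `MT`, the sample inventory, and the pairing of each range with the fixed release on the same branch are assumptions made for illustration.

```python
# Added example: ranges and fixed releases are copied from the advisory text;
# the product labels "LM"/"MT" and the sample inventory are constructed.

def parse(version):
    """'7.2.54.12' -> (7, 2, 54, 12). Tuples compare numerically, so
    7.2.54.9 sorts below 7.2.54.12 (a plain string compare gets this wrong)."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected four numeric components: {version!r}")
    return tuple(int(p) for p in parts)

# (product, lowest affected or None for "all prior", highest affected,
#  fixed release for that range, or None where the advisory names none).
# Assumption: each range is paired with the fixed release on the same branch.
AFFECTED = [
    ("LM", "7.2.55.0", "7.2.60.1", "7.2.61.0 (GA)"),
    ("LM", "7.2.49.0", "7.2.54.12", "7.2.54.13 (LTSF)"),
    ("LM", None, "7.2.48.12", None),
    ("MT", None, "7.1.35.12", "7.1.35.13 (GA)"),
]

def triage(product, version):
    """Return (affected, fixed_release). fixed_release is None when no fix is
    paired with the range or the version is outside every listed range."""
    v = parse(version)
    for prod, low, high, fix in AFFECTED:
        in_range = (low is None or parse(low) <= v) and v <= parse(high)
        if prod == product and in_range:
            return True, fix
    return False, None

if __name__ == "__main__":
    inventory = [  # constructed sample data, not real hosts
        ("lb-edge-01", "LM", "7.2.54.9"),
        ("lb-edge-02", "LM", "7.2.61.0"),
        ("lb-legacy", "LM", "7.2.48.3"),
        ("mt-hv-01", "MT", "7.1.35.12"),
    ]
    for host, product, version in inventory:
        affected, fix = triage(product, version)
        if affected:
            status = "AFFECTED, upgrade to " + (fix or "a fixed release listed above")
        else:
            status = "not in a listed affected range"
        print(f"{host:<12} {product} {version:<10} {status}")
```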

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.