Primary

Context

Progress LoadMaster OS Command Injection Vulnerability

Vulnerability

Patched

A command injection vulnerability has been identified in Progress LoadMaster, affecting authenticated users. This issue allows OS command injection through improper input validation. The vulnerability is present in LoadMaster versions 7.2.55.0 to 7.2.60.1 (inclusive), 7.2.49.0 to 7.2.54.12 (inclusive), 7.2.48.12, and all prior versions. It also affects all prior versions of LoadMaster's Multi-Tenant hypervisor.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary system commands on the LoadMaster appliance.

Remediation

To address this vulnerability, users should upgrade to LoadMaster version 7.2.61.0 (GA), 7.2.54.13 (LTSF), or for Multi-Tenant LoadMaster, 7.1.35.13 (GA). Instructions for upgrading LoadMaster firmware are available in the Progress LoadMaster Upgrade Firmware Knowledge Base article.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

10.0

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

10.0

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Progress LoadMaster OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Progress LoadMaster

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating