Progress Flowmon OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in Progress Flowmon versions prior to 12.5.8. This vulnerability allows an authenticated low-privileged user to manipulate requests during the report generation process, leading to the execution of unintended commands on the server.

Impact

Exploitation of this vulnerability allows for OS command injection, where unintended commands are executed on the server.

Remediation

Users are advised to upgrade to the latest version of Progress Flowmon. Upgrade packages are available through the Progress Community or the Progress Update Catalog. Note that upgrading will cause a system outage.

Added: Apr 2, 2026, 3:00 PM
Updated: Apr 2, 2026, 3:00 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.