CVE-2025-13444
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster
CVSS Score
8.4
EPSS Score
0.0%
EPSS Percentile
0th
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters
| Vendor | progress software |
| Product | loadmaster |
| Published | Jan 13, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for progress software loadmaster
Be the first to know when new high vulnerabilities affecting progress software loadmaster are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Progress Software / LoadMaster
7.2.50 < V7.2.62.2 7.2.50 < V7.2.54.16
Progress Software / Multi Tenant LoadMaster
7.2.39 < V7.1.35.15
References
community.progress.com: https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 community.progress.com: https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 community.progress.com: https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 community.progress.com: https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447
Credits
Alex Williams from Converge Technology Solutions working with Trend Micro Zero Day Initiative