CVE-2025-13447
📋 TL;DR
This vulnerability allows authenticated attackers with 'User Administration' permissions to execute arbitrary operating system commands on Progress LoadMaster appliances via unsanitized API input parameters. It enables remote code execution, potentially compromising the entire appliance. Organizations using affected Progress LoadMaster versions are at risk.
💻 Affected Systems
- Progress LoadMaster
- Progress Connection Manager for ObjectScale
- Progress ECS Connection Manager
- Progress MOVEit WAF
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of LoadMaster appliance leading to data exfiltration, lateral movement to internal networks, service disruption, and persistent backdoor installation.
Likely Case
Attacker gains full control of LoadMaster appliance, potentially intercepting or modifying traffic, stealing credentials, and using the appliance as a foothold for further attacks.
If Mitigated
Limited impact due to proper access controls, network segmentation, and monitoring preventing successful exploitation or containing damage.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authentication is achieved; no public exploit code is currently known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447
Restart Required: Yes
Instructions:
1. Review the vendor advisory for affected versions.
2. Download and apply the latest security patches from Progress.
3. Restart the LoadMaster appliance as required.
4. Verify the patch is applied successfully.
🔧 Temporary Workarounds
Restrict User Administration Permissions
Limit 'User Administration' permissions to only essential personnel to reduce the attack surface.
Network Segmentation
Isolate LoadMaster management interfaces from untrusted networks and implement strict firewall rules.
🧯 If You Can't Patch
- Implement strict access controls to limit who has 'User Administration' permissions.
- Monitor API logs for unusual command execution patterns and implement network segmentation.
🔍 How to Verify
Check if Vulnerable:
Check your LoadMaster version against the vendor advisory; if the appliance runs an affected version and its API is reachable by accounts holding 'User Administration' permissions, it is vulnerable.
Check Version:
Check via LoadMaster web interface or CLI; specific command varies by version.
Verify Fix Applied:
Verify the appliance version matches or exceeds the patched version listed in the vendor advisory and test API functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual API calls with command-like parameters
- Multiple failed authentication attempts followed by successful User Administration API access
- Unexpected system command execution in logs
Network Indicators:
- Suspicious outbound connections from LoadMaster appliance
- Unusual traffic patterns to/from management interfaces
SIEM Query:
Example: 'source="loadmaster" AND (api_call="*command*" OR user="*admin*")'
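The two log indicators above (command-like API parameters, and a burst of failed logins followed by a successful call in a User Administration role) can be checked offline against exported logs. The script below is an added example, not code from Progress or from this advisory; the log line layout, the role label `user_admin`, the API paths and the sample lines are all constructed assumptions, so adapt the regex to whatever your appliance actually emits.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical access-log layout (an assumption,
# not LoadMaster's real format): ts user auth role path params
SAMPLE_LOG = """\
2025-11-20T10:00:01Z user=alice auth=ok role=user_admin path=/api/useradd params=name=bob&perms=view
2025-11-20T10:00:02Z user=mallory auth=fail role=- path=/api/login params=-
2025-11-20T10:00:03Z user=mallory auth=fail role=- path=/api/login params=-
2025-11-20T10:00:04Z user=mallory auth=fail role=- path=/api/login params=-
2025-11-20T10:00:05Z user=mallory auth=ok role=user_admin path=/api/useradd params=name=x;id&perms=view
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) auth=(?P<auth>ok|fail) role=(?P<role>\S+) "
    r"path=(?P<path>\S+) params=(?P<params>\S*)$"
)
# Shell metacharacters with no business in a user name or permission value
# ('&' is left out because it separates parameters in this layout).
METACHARS = re.compile(r"[;|`$<>]")
ADMIN_ROLES = {"user_admin"}  # hypothetical label for 'User Administration'

def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def command_like_values(params):
    """Return (key, value) pairs whose value contains shell metacharacters."""
    hits = []
    for kv in params.split("&"):
        key, _, value = kv.partition("=")
        if METACHARS.search(value):
            hits.append((key, value))
    return hits

def analyze(log, fail_threshold=3):
    """Flag command-like parameters and failed-auth bursts followed by admin access."""
    injection_like, burst_then_admin = [], []
    fails = defaultdict(int)  # consecutive failed logins per user
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        if rec["auth"] == "fail":
            fails[rec["user"]] += 1
            continue
        if fails[rec["user"]] >= fail_threshold and rec["role"] in ADMIN_ROLES:
            burst_then_admin.append(rec["user"])
        fails[rec["user"]] = 0  # successful login resets the burst counter
        for key, value in command_like_values(rec["params"]):
            injection_like.append((rec["ts"], rec["user"], rec["path"], key, value))
    return {"injection_like": injection_like, "burst_then_admin": burst_then_admin}
```

On the sample above, `analyze(SAMPLE_LOG)` flags `mallory` for both patterns; tune `fail_threshold` and `METACHARS` to your environment's noise level before alerting on the output.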
🔗 References
- https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447
- https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447
- https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447
- https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447