Vulnerability Report

CVE-2025-13444

RCE

Title: OS Command Injection in Progress LoadMaster

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2025-13444.

CWE Category NVD-CWE-noinfo

Published Date Jan 13, 2026

Modified Date Feb 13, 2026

Exploit Status Not Found

Score 8.4 CVSS v3.1

Exploit Probability (EPSS)

0.05%

Vulnerability Summary

CVE-2025-13444: OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Impacted Vendors

kemptechnologies 1

progress 6

Reference Links

https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447

CVSS v3.1

Source Entity [email protected]

Severity HIGH

8.4

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H