CVE-2025-7388
Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution (RCE) via Java
RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and
execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration
property with inadequate input validation leading to OS command injection.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Productos afectados
Progress Software Corporation · OpenEdge¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →