CVE-2025-10239 HIGH

CVE-2025-10239: Unintended command execution via troubleshooting scripts in Progress Flowmon

Vendor Progress Software

Product Flowmon

Weakness CWE-78

Published October 9, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes.

Key dates

02Disclosure timeline

October 9, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10239 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2025-7082 Belkin F9K1122 webs formBSSetSitesurvey os command injection CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam) CVE-2022-4643 docconv pdf_ocr.go ConvertPDFImages os command injection CVE-2011-10007 File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name CVE-2024-6184 Ruijie RG-UAC reboot_commit.php os command injection