CVE-2025-13444 HIGH

CVE-2025-13444: OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster

Vendor Progress Software
Product LoadMaster
Published January 13, 2026
Last update February 26, 2026

CVSS base score

8.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Key dates

02Disclosure timeline

January 13, 2026 CVE published
February 26, 2026 Record updated