A critical security vulnerability has been found in Progress OpenEdge, a platform for building and deploying enterprise applications.
The flaw, tracked as CVE-2025-7388, allows remote code execution (RCE) and affects multiple versions of the software, potentially enabling attackers to execute arbitrary commands with elevated system privileges.
The vulnerability resides in the AdminServer component of OpenEdge, specifically within its Java Remote Method Invocation (RMI) interface, which is used for remote administrative tasks.
According to a security advisory, the flaw allows an authenticated but unauthorized user to manipulate configuration properties. This can lead to OS command injection through the workDir parameter.
Attackers can exploit this by injecting malicious commands, which are then executed with the high-level privileges of the AdminServer process, often running as NT AUTHORITY\SYSTEM on Windows systems.
Progress OpenEdge AdminServer Vulnerability
Progress has addressed the vulnerability and released patches in OpenEdge Long-Term Support (LTS) Updates 12.2.18 and 12.8.9.
The fix involves two key changes: first, it sanitizes the workDir parameter by enclosing values in double quotes to prevent command injection. Second, it disables the remote RMI capability by default to reduce the attack surface.
All OpenEdge versions prior to these updates, including LTS Releases 12.2.17 and 12.8.8 and their earlier minor versions, are susceptible.
Systems running unpatched versions remain exposed to significant risk, as weak authentication could allow attackers to compromise the entire system.
For users who have applied the patch, remote RMI will be disabled by default. Administrators who relied on this feature for remote operations will find it no longer functions.
While it is possible to re-enable remote RMI, Progress warns that doing so reintroduces security risks and should only be done if there is a compelling business reason, at the user's own risk.
For organizations unable to apply the updates immediately, temporary mitigations are recommended.
These include restricting network access to the AdminServer RMI port (default 20931) using firewalls, running the AdminServer process with the lowest possible privileges, and removing any unused AdminServer plugins to minimize potential attack vectors.
However, these measures are intended only for short-term use. Progress strongly advises all customers to upgrade to the patched versions to fully remediate the vulnerability.
Users of retired OpenEdge versions must upgrade to a currently supported release to receive the fix.
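As an added illustration (not OpenEdge code, and not a reproduction of how AdminServer actually builds its commands), the Python model below shows the injection pattern described above and both remedies: the naive concatenation that lets a configuration value such as workDir terminate the intended command and append another, the double-quote wrapping the advisory describes as the fix, and a stricter form that validates the value and hands it over as a discrete argv element so that no shell parses it at all. The launcher path, the -workDir flag spelling and every sample value are constructed assumptions; shlex stands in for a POSIX shell's tokeniser and nothing is executed.

```python
"""Model of OS command injection through a configuration value (here a work
directory) and two ways to neutralise it.  Added illustration for this article:
this is not Progress OpenEdge code and does not reproduce AdminServer internals.
The launcher, flag name and sample values are constructed assumptions; shlex is
used to show what a POSIX shell would execute, and nothing is actually run."""
import re
import shlex

LAUNCHER = "/opt/app/bin/startbroker"          # hypothetical helper the service spawns

# Constructed sample values.
BENIGN_VALUE = "/var/lib/app/work dir"         # legitimate path containing a space
INJECTED_VALUE = "/tmp/work; id > /tmp/pwned"  # ends the argument, appends a command
QUOTE_BREAKOUT_VALUE = '/tmp/work" ; id ; "'   # escapes a double-quoted argument

SEPARATORS = {";", "&", "&&", "|", "||"}

# Allowlist for a work directory: path characters only, no shell metacharacters,
# no quotes.  Colon and backslash are allowed so Windows-style paths also pass.
WORKDIR_ALLOWED = re.compile(r"[A-Za-z0-9_./ \\:-]+")


def build_unsafe(work_dir: str) -> str:
    """Vulnerable pattern: the value is concatenated into a shell command line."""
    return f"{LAUNCHER} -workDir {work_dir}"


def build_quoted(work_dir: str) -> str:
    """Mitigation of the kind the advisory describes: the value is wrapped in
    double quotes so metacharacters inside it lose their meaning to the shell."""
    return f'{LAUNCHER} -workDir "{work_dir}"'


def shell_would_run(cmdline: str) -> list[list[str]]:
    """Tokenise the command line the way a POSIX shell would and split it into
    the separate commands the shell would execute.  Returns argv vectors only;
    nothing is executed."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands: list[list[str]] = [[]]
    for token in lexer:
        if token in SEPARATORS:
            commands.append([])
        else:
            commands[-1].append(token)
    return [argv for argv in commands if argv]


def build_hardened(work_dir: str) -> list[str]:
    """Hardened form: reject anything outside the allowlist, then return an argv
    list meant for subprocess.run(argv) with shell=False, so no shell ever
    parses the value.  Raises ValueError for rejected values."""
    if not WORKDIR_ALLOWED.fullmatch(work_dir) or ".." in work_dir:
        raise ValueError(f"rejected workDir value: {work_dir!r}")
    return [LAUNCHER, "-workDir", work_dir]


def is_accepted(work_dir: str) -> bool:
    """True if build_hardened() accepts the value, False if it rejects it."""
    try:
        build_hardened(work_dir)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for label, value in (("benign", BENIGN_VALUE), ("injected", INJECTED_VALUE),
                         ("quote breakout", QUOTE_BREAKOUT_VALUE)):
        print(f"--- {label}: {value!r}")
        print("  unquoted ->", shell_would_run(build_unsafe(value)))
        print("  quoted   ->", shell_would_run(build_quoted(value)))
        print("  hardened ->", build_hardened(value) if is_accepted(value) else "rejected")
```

The unquoted form turns the injected value into two commands and also mangles the legitimate path with a space into two arguments; the quoted form keeps both as a single argument. The breakout value shows the caveat a practitioner should keep in mind: wrapping a value in double quotes disarms metacharacters inside it only as long as the value cannot itself contain a quote character, so validating the value (or, better, never routing it through a shell) is what makes the mitigation robust. That is a general property of shell quoting, not a statement about the vendor's patch.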