14 matches found
CVE-2025-13444 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
EUVD-2024-27398
Malicious code in bioql PyPI...
Exploit for OS Command Injection in Kemptechnologies Loadmaster
CVE-2024-7591-PoC These PoC python scripts test the Kemp LoadM...
CVE-2025-1758
Progress LoadMaster CVE-2025-1758 is an improper input validation that can cause a buffer/stack overflow in the mangle executable. Affected: LoadMaster 7.2.40.0+, ECS all versions, Multi-Tenancy 7.1.35.4+. Impact ranges from high (NVD base 8.8, confidentiality/integrity/availability high) to pote...
CVE-2024-56131
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects (Product: Affected Versions): LoadMaster: from 7.2.55.0 to 7.2.60.1 inclusive; from 7.2.49.0 to 7.2.54.12 inclusive; 7.2.48.12 and all prior versions. Multi-Tenant...
CVE-2024-56132
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects (Product: Affected Versions): LoadMaster: from 7.2.55.0 to 7.2.60.1 inclusive; from 7.2.49.0 to 7.2.54.12 inclusive; 7.2.48.12 and all prior versions. ECS: All prior...
CVE-2024-56134
Progress LoadMaster has a class of vulnerabilities described as Improper Input Validation for authenticated users, enabling OS command injection. Affected are LoadMaster releases 7.2.55.0–7.2.60.1 (inclusive), 7.2.49.0–7.2.54.12 (inclusive), 7.2.48.12 and earlier; Multi-Tenant LoadMaster 7.1.35.1...
CVE-2024-56133
CVE-2024-56133 is a known issue in Progress LoadMaster involving improper input validation that enables an unauthenticated or authenticated user to trigger an OS command injection via the management interface. The vulnerability affects LoadMaster versions: 7.2.55.0–7.2.60.1 (inclusive), 7.2.49.0...
CVE-2024-2449
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF paylo...
PT-2025-5726 · Progress · Loadmaster
Name of the Vulnerable Software and Affected Versions: LoadMaster versions 7.2.48.12 and earlier; LoadMaster versions 7.2.49.0 through 7.2.54.12; LoadMaster versions 7.2.55.0 through 7.2.60.1; ECS versions prior to 7.2.60.1. Description: The issue is related to improper input validation of...
PT-2025-5724 · Kemp · Loadmaster
Name of the Vulnerable Software and Affected Versions: LoadMaster versions 7.2.48.12 and earlier; LoadMaster versions 7.2.49.0 through 7.2.54.12; LoadMaster versions 7.2.55.0 through 7.2.60.1; ECS versions prior to 7.2.60.1. Description: The issue is related to improper input validation, allowing OS...
Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security...
PT-2024-38438 · Progress · Multi-Tenancy +2
Name of the Vulnerable Software and Affected Versions: LoadMaster versions 7.2.40.0 and above; ECS versions all versions; Multi-Tenancy versions 7.1.35.4 and above. Description: The issue is related to an improper input validation vulnerability in Progress LoadMaster, allowing OS Command Injection...
PT-2024-3306 · Kemp Technologies · Loadmaster
Name of the Vulnerable Software and Affected Versions: LoadMaster affected versions not specified. Description: A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster...