Critical Flaw in Progress LoadMaster Allows Attackers to Execute System Commands


A series of critical security vulnerabilities has been identified in Progress Software’s LoadMaster application, potentially allowing remote attackers to execute system commands or access sensitive files.

The flaws, tracked as CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, and CVE-2024-56135, affect all current versions of LoadMaster, including Multi-Tenant LoadMaster (MT) deployments, prompting an urgent patch advisory for users.

Progress Software has confirmed that no active exploits of these vulnerabilities have been reported. However, due to the risks posed, the company is strongly urging all users to update their LoadMaster implementations immediately.

Details of the Vulnerabilities

  • Vulnerabilities CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, and CVE-2024-56135 enable attackers who gain access to the management interface and authenticate successfully to issue specially crafted HTTP requests. These requests could allow malicious actors to execute arbitrary system commands on the affected servers.
  • CVE-2024-56134, on the other hand, allows authenticated attackers to download the contents of arbitrary files on the system using a similar technique.

To mitigate these flaws, Progress Software has implemented input sanitization measures to prevent the execution of arbitrary system commands and unauthorized file access.

Patch Release Details

Progress Software has released patched firmware versions to address these vulnerabilities. Users are encouraged to upgrade to the fixed versions immediately:

Product                  Affected Versions                Patched Versions      Release Date
-----------------------  -------------------------------  --------------------  ----------------
LoadMaster               7.2.55.0 to 7.2.60.1             7.2.61.0 (GA)         February 5, 2025
LoadMaster               7.2.49.0 to 7.2.54.12            7.2.54.13 (LTSF)      February 5, 2025
LoadMaster               7.2.48.12 and earlier versions   Upgrade to LTSF/GA    February 5, 2025
Multi-Tenant LoadMaster  7.1.35.12 and earlier versions   7.1.35.13 (GA)        February 5, 2025

Multi-Tenant (MT) hypervisors and instantiated LoadMaster Virtual Network Functions (VNFs) are also vulnerable and require the same updates.
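As an added example (not code from the advisory or from Progress Software), the following script turns the patch table above into a check that can be run over a firmware inventory: it compares a reported LoadMaster or MT build against the affected ranges and reports which fixed release applies. The inventory lines are constructed sample data.

```python
from typing import Optional, Tuple, List, Dict

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    """Turn '7.2.60.1' into (7, 2, 60, 1) so builds compare numerically."""
    return tuple(int(p) for p in s.strip().split("."))

# Inclusive affected ranges and fixes as published in the advisory table.
# (product, lowest affected, highest affected, patched version, branch)
ADVISORY = [
    ("LoadMaster", "7.2.55.0", "7.2.60.1", "7.2.61.0", "GA"),
    ("LoadMaster", "7.2.49.0", "7.2.54.12", "7.2.54.13", "LTSF"),
    ("Multi-Tenant LoadMaster", "0.0.0.0", "7.1.35.12", "7.1.35.13", "GA"),
]
# Builds 7.2.48.12 and earlier sit below both supported branches.
LEGACY_CEILING = "7.2.48.12"

def assess(product: str, version: str) -> Dict[str, Optional[str]]:
    """Classify one build: affected or not, and the release to upgrade to."""
    v = parse_version(version)
    for prod, low, high, patched, branch in ADVISORY:
        if prod == product and parse_version(low) <= v <= parse_version(high):
            return {"affected": "yes", "upgrade_to": patched, "branch": branch}
    if product == "LoadMaster" and v <= parse_version(LEGACY_CEILING):
        # Advisory instructs these to move to a supported LTSF or GA build.
        return {"affected": "yes", "upgrade_to": "7.2.54.13 or 7.2.61.0",
                "branch": "LTSF/GA"}
    # Not in any affected range listed by the advisory (e.g. a patched build).
    return {"affected": "no", "upgrade_to": None, "branch": None}

def hosts_needing_upgrade(inventory: List[str]) -> List[Tuple[str, str]]:
    """Scan 'host,product,version' lines; return (host, fix) for affected ones."""
    out = []
    for line in inventory:
        host, product, version = (f.strip() for f in line.split(","))
        result = assess(product, version)
        if result["affected"] == "yes":
            out.append((host, result["upgrade_to"]))
    return out

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = [
    "lb-edge-1,LoadMaster,7.2.60.1",
    "lb-edge-2,LoadMaster,7.2.61.0",
    "lb-core-1,LoadMaster,7.2.54.12",
    "lb-old-1,LoadMaster,7.2.48.12",
    "mt-hv-1,Multi-Tenant LoadMaster,7.1.35.12",
]

if __name__ == "__main__":
    for host, fix in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: affected, upgrade to {fix}")
```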

To secure their systems, customers should promptly download the latest firmware version from the LoadMaster Support Portal and follow the upgrade instructions detailed in the company’s Knowledge Base article.

Additionally, Progress Software recommends adhering to its security hardening guidelines for robust protection.

For further assistance, affected customers are advised to open a Technical Support case through the LoadMaster customer community.

This critical update underscores the importance of maintaining up-to-date security measures to prevent potential threats.



