A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications.
The flaw, identified as CVE-2025-7388, allows for remote code execution (RCE) and affects multiple versions of the software, potentially enabling attackers to execute arbitrary commands with elevated system privileges.
The vulnerability resides in the AdminServer component of OpenEdge, specifically within its Java Remote Method Invocation (RMI) interface, which is used for remote administrative tasks.
According to the security notification, the flaw allows an authenticated but unauthorized user to manipulate AdminServer configuration properties, and a crafted value for the workDir parameter leads to OS command injection.
Attackers can exploit this by injecting shell commands into that value; the commands are then executed with the privileges of the AdminServer process, which on Windows systems often runs as NT AUTHORITY\SYSTEM.
Progress has addressed the vulnerability and released patches in OpenEdge Long-Term Support (LTS) Updates 12.2.18 and 12.8.9.
The fix involves two key changes. First, it sanitizes the workDir parameter by enclosing its value in double quotes so that the shell treats it as a single argument rather than as separate commands. Second, it disables the remote RMI capability by default to reduce the attack surface.
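The following is an added illustration, not code from Progress or from the OpenEdge product, of why an unsanitized workDir value becomes OS command injection when it is spliced into a shell command line, and of two ways to stop it. The `echo` command stands in for whatever child process the real AdminServer launches (the advisory does not name it), the property dictionary is constructed for the example, and a POSIX `/bin/sh` is assumed. The quoting function mirrors the fix the advisory describes; the argv-based launch and the allow-list check are the more general hardening a practitioner would add on top, and go beyond what the advisory states.

```python
"""Added example (not Progress/OpenEdge code): OS command injection via an
attacker-controlled workDir property, the double-quote fix described in the
advisory, and a shell-free launch with input validation as the general form.
Assumes a POSIX /bin/sh; `echo` stands in for the real child process."""
import re
import subprocess

# Constructed stand-in for a tampered AdminServer property set (hypothetical
# names). The attacker-controlled part is the workDir value.
TAMPERED_PROPERTIES = {"workDir": "/tmp/work; echo INJECTED"}

# Conservative allow-list for a directory path: letters, digits and a few
# path characters. Anything else (';', '"', '$', '`', '|', '&', newline, ...)
# is rejected before the value can reach any command line.
_SAFE_PATH = re.compile(r"^[A-Za-z0-9_./\\:-]+$")


def vulnerable_launch(work_dir: str) -> str:
    """Splice workDir straight into a shell string (the pre-patch pattern).

    /bin/sh treats ';' as a command separator, so the attacker's second
    command runs with the privileges of this process."""
    cmd = f"echo {work_dir}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def quoted_launch(work_dir: str) -> str:
    """The fix the advisory describes: wrap the value in double quotes so the
    shell sees it as one argument instead of two commands."""
    cmd = f'echo "{work_dir}"'
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def argv_launch(work_dir: str) -> str:
    """More robust general form: pass an argument list and never invoke a
    shell, so no shell quoting rules apply at all."""
    return subprocess.run(["echo", work_dir], capture_output=True,
                          text=True, check=True).stdout


def validate_work_dir(work_dir: str) -> str:
    """Refuse a workDir value that contains anything other than path
    characters; raising is safer than silently reshaping the value."""
    if not _SAFE_PATH.fullmatch(work_dir):
        raise ValueError(f"workDir contains disallowed characters: {work_dir!r}")
    return work_dir


def safe_launch(properties: dict) -> str:
    """Validate the property first, then launch without a shell."""
    return argv_launch(validate_work_dir(properties["workDir"]))


if __name__ == "__main__":
    payload = TAMPERED_PROPERTIES["workDir"]
    # The vulnerable form prints a second line, 'INJECTED', proving the
    # injected command ran; the other two print the value as one argument.
    print("vulnerable:", repr(vulnerable_launch(payload)))
    print("quoted:    ", repr(quoted_launch(payload)))
    print("argv:      ", repr(argv_launch(payload)))
    try:
        safe_launch(TAMPERED_PROPERTIES)
    except ValueError as exc:
        print("rejected:  ", exc)
```

Running it shows the vulnerable form producing `/tmp/work` and `INJECTED` on separate lines, while the quoted and argv forms emit the whole value as a single `echo` argument and the validated path refuses it outright. Quoting is only as strong as the guarantee that the value itself never contains a double quote, which is why the shell-free argv launch combined with an allow-list check is the form to prefer when writing new code.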
All OpenEdge versions prior to these updates, including LTS Releases 12.2.17 and 12.8.8 and their earlier minor versions, are susceptible.
Systems running unpatched versions remain exposed to significant risk: because the flaw needs only an authenticated account, not an authorized administrator, any user who can log in to the AdminServer could compromise the entire host.
After the patch is applied, remote RMI is disabled by default, so administrators who relied on it for remote operations will find that it no longer functions.
While it is possible to re-enable remote RMI, Progress warns that doing so reintroduces security risks and should only be done if there is a compelling business reason, at the user’s own risk.
For organizations unable to apply the updates immediately, temporary mitigations are recommended.
These include restricting network access to the AdminServer RMI port (default 20931) using firewalls, running the AdminServer process with the lowest possible privileges, and removing any unused AdminServer plugins to minimize potential attack vectors.
However, these measures are intended only for short-term use. Progress strongly advises all customers to upgrade to the patched versions to fully remediate the vulnerability.
Users of retired OpenEdge versions must upgrade to a currently supported release to receive the fix.