CVE-2025-7388

Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface

Description

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property with inadequate input validation leading to OS command injection.

INFO

Published Date :

2025-09-04T13:01:13.624Z

Last Modified :

2025-09-05T03:55:48.601Z

Source :

ProgressSoftware

AFFECTED PRODUCTS

The following products are affected by CVE-2025-7388 vulnerability.

Vendors	Products
Progress	Openedge Progress

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-7388.

URL	Resource
https://community.progress.com/s/article/Important-RCE-Security-Update-for-OpenEdge-AdminServer

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact