Progress OpenEdge AdminServer Vulnerability Allows Remote Code Execution by Attackers
A critical security vulnerability, identified as CVE-2025-7388, has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. This flaw allows remote code execution (RCE) and affects multiple versions of the software, enabling attackers to execute arbitrary commands with elevated system privileges. The vulnerability is located in the AdminServer component of OpenEdge, specifically within its Java Remote Method Invocation (RMI) interface, which is used for remote administrative tasks. An authenticated but unauthorised user can manipulate configuration properties, leading to OS command injection through the workDir parameter. Because injected commands run with the privileges of the AdminServer process, which often runs as NT AUTHORITY\SYSTEM on Windows systems, a successful attack yields full control of the host.
Progress has addressed this vulnerability by releasing patches in OpenEdge Long-Term Support (LTS) Updates 12.2.18 and 12.8.9. The fix includes sanitising the workDir parameter by enclosing values in double quotes to prevent command injection and disabling the remote RMI capability by default to reduce the attack surface. All OpenEdge versions prior to these updates, including LTS Releases 12.2.17 and 12.8.8, are susceptible. Systems running unpatched versions remain at significant risk due to weak authentication, which could allow attackers to compromise the entire system. For organisations unable to apply the updates immediately, temporary mitigations are recommended, such as restricting network access to the AdminServer RMI port and running the AdminServer process with the lowest possible privileges. Progress strongly advises all customers to upgrade to the patched versions to fully remediate the vulnerability.
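To make the described fix and its limits concrete, here is an added Python model (not Progress's own code, which is Java and closed-source) of three ways a workDir configuration value can reach a command line: spliced into a shell string, wrapped in double quotes as the patch describes, and checked against an allowlist before being passed as a separate argv element. The `start-broker --workdir` command line and the metacharacter set are assumptions for illustration.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Assumed set of characters that let a value escape its position on a
# shell command line (cmd.exe and POSIX shells combined).
SHELL_META = re.compile(r'[&|;<>`$\n\r"\'()^%]')


def build_command_unsafe(work_dir: str) -> str:
    # Vulnerable pattern: the configuration value is interpolated into a
    # single string that a shell later parses, so metacharacters inside
    # the value become additional commands.
    return f"start-broker --workdir {work_dir}"


def build_command_quoted(work_dir: str) -> str:
    # The patch as described in the advisory: enclose the value in double
    # quotes. This stops separators such as '&' from ending the argument,
    # but a value that itself contains a double quote can still close the
    # quoting early, so it should be paired with input validation.
    return f'start-broker --workdir "{work_dir}"'


def is_valid_work_dir(work_dir: str) -> bool:
    # Allowlist check: an absolute path (Windows or POSIX form) with no
    # shell metacharacters is the only shape a work directory should take.
    if not work_dir or SHELL_META.search(work_dir):
        return False
    return PureWindowsPath(work_dir).is_absolute() or PurePosixPath(work_dir).is_absolute()


def build_command_safe(work_dir: str) -> list:
    # Hardened pattern: validate first, then hand the value to the process
    # launcher as its own argv element so no shell ever parses it
    # (e.g. subprocess.run(argv, shell=False)).
    if not is_valid_work_dir(work_dir):
        raise ValueError("workDir rejected: must be an absolute path without shell metacharacters")
    return ["start-broker", "--workdir", work_dir]


if __name__ == "__main__":
    # Constructed sample values: a normal directory and one carrying a separator.
    for value in ("C:\\OpenEdge\\wrk", "/opt/openedge/wrk", "C:\\OpenEdge\\wrk & whoami"):
        print(repr(value), "valid" if is_valid_work_dir(value) else "rejected")
```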