CVE-2025-7388

HighRCE

Published: 04 September 2025

Published

04 September 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

EPSS Score 0.0031 54.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7388 is a high-severity Command Injection (CWE-77) vulnerability in Progress (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the inadequate input validation in the RMI interface that enables command injection by requiring validation of configuration property inputs.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the specific flaw in OpenEdge AdminServer via patching to eliminate the command injection vulnerability.

AC-6 Least Privilege good match

prevent

Limits damage from RCE by enforcing least privilege for the AdminServer process under which injected OS commands execute.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Direct RCE via unauthenticated input validation flaw on exposed AdminServer RMI interface enables remote exploitation of public-facing app (T1190) followed by arbitrary OS command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of…

a configuration property with inadequate input validation leading to OS command injection.

Deeper analysisAI

CVE-2025-7388 is a remote command execution (RCE) vulnerability in the Java RMI interface of the OpenEdge AdminServer. The flaw stems from inadequate input validation when manipulating a configuration property via the RMI interface, enabling OS command injection. This allows authenticated users to inject and execute arbitrary OS commands under the delegated authority of the AdminServer process. It is classified under CWE-77 (Command Injection) and carries a CVSS v3.1 base score of 8.4 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L).

The vulnerability can be exploited remotely by authenticated users with low privileges (PR:L), though it requires high attack complexity (AC:H) and involves no user interaction (UI:N). Successful exploitation changes scope (S:C), resulting in high impacts to confidentiality and integrity (C:H/I:H) and low impact to availability (A:L). Attackers can thereby execute OS commands on the affected system with the privileges of the AdminServer process.

Progress has published an advisory titled "Important RCE Security Update for OpenEdge AdminServer" at https://community.progress.com/s/article/Important-RCE-Security-Update-for-OpenEdge-AdminServer, which addresses mitigations for this issue.