Cyber Resilience

CVE-2025-7388

HighRCE

Published: 04 September 2025

Published
04 September 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS Score 0.0038 60.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7388 is a high-severity Command Injection (CWE-77) vulnerability in Progress (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-7388 is a remote command execution (RCE) vulnerability in the Java RMI interface of the OpenEdge AdminServer. The flaw stems from inadequate input validation when manipulating a configuration property via the RMI interface, enabling OS command injection. This allows authenticated users to inject and execute arbitrary OS commands under the delegated authority of the AdminServer process. It is classified under CWE-77 (Command Injection) and carries a CVSS v3.1 base score of 8.4 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L).

The vulnerability can be exploited remotely by authenticated users with low privileges (PR:L), though it requires high attack complexity (AC:H) and involves no user interaction (UI:N). Successful exploitation changes scope (S:C), resulting in high impacts to confidentiality and integrity (C:H/I:H) and low impact to availability (A:L). Attackers can thereby execute OS commands on the affected system with the privileges of the AdminServer process.

Progress has published an advisory titled "Important RCE Security Update for OpenEdge AdminServer" at https://community.progress.com/s/article/Important-RCE-Security-Update-for-OpenEdge-AdminServer, which addresses mitigations for this issue.

EU & UK References

Vulnerability details

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of…

more

a configuration property with inadequate input validation leading to OS command injection.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Direct RCE via unauthenticated input validation flaw on exposed AdminServer RMI interface enables remote exploitation of public-facing app (T1190) followed by arbitrary OS command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-67397Shared CWE-77
CVE-2024-55030Shared CWE-77
CVE-2025-24818Shared CWE-77
CVE-2025-9223Shared CWE-77
CVE-2026-8431Shared CWE-77
CVE-2026-44869Shared CWE-77
CVE-2025-70093Shared CWE-77
CVE-2025-0593Shared CWE-77
CVE-2026-34259Shared CWE-77
CVE-2026-44866Shared CWE-77

Affected Assets

Progress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the inadequate input validation in the RMI interface that enables command injection by requiring validation of configuration property inputs.

prevent

Requires timely remediation of the specific flaw in OpenEdge AdminServer via patching to eliminate the command injection vulnerability.

prevent

Limits damage from RCE by enforcing least privilege for the AdminServer process under which injected OS commands execute.

References