Progress OpenEdge logo with security alert icon

A critical security vulnerability (CVE-2025-7388) has been discovered in the AdminServer component of Progress OpenEdge, allowing authenticated users to execute arbitrary system commands remotely. The flaw lies in the workDir parameter exposed through the AdminServer's Java RMI interface: the value is not sanitized, so it can be used for OS command injection with elevated privileges, often as NT AUTHORITY\SYSTEM on Windows.


Progress has addressed the issue in OpenEdge LTS Updates 12.2.18 and 12.8.9 by sanitizing the workDir input and disabling remote RMI by default, which reduces the attack surface. Systems running earlier versions remain vulnerable and should be updated immediately.
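As an illustration of the kind of input handling the fix describes, here is an added example (not Progress's code; the allow-listed root, the parameter names and the launch helper are assumptions) that accepts a work directory only when it contains no shell metacharacters and resolves inside a fixed root, and then builds the process argument vector without a shell:

```python
import re
from pathlib import Path

# Hypothetical allow-listed root under which any work directory must live
# (constructed for this example; a real service would configure it).
ALLOWED_ROOT = Path("/opt/openedge/work")

# Characters that mean something to cmd.exe or a POSIX shell. None of them
# belongs in a legitimate directory name handed to a managed service.
_SHELL_META = re.compile(r"[;&|`$<>\r\n\"'(){}*?!^%]")


def validate_workdir(raw: str, root: Path = ALLOWED_ROOT) -> Path:
    """Return the canonical path for `raw` or raise ValueError.

    Rules: non-empty, no NUL bytes, no shell metacharacters, and after
    resolution the path must stay inside `root` (this rejects both
    '..' traversal and absolute paths pointing elsewhere).
    """
    if not raw or "\x00" in raw:
        raise ValueError("empty or NUL-containing workDir")
    if _SHELL_META.search(raw):
        raise ValueError("shell metacharacter in workDir")
    # Join onto the root and resolve so that any '..' is normalised away;
    # an absolute `raw` replaces the root here and is then caught below.
    candidate = (root / raw).resolve(strict=False)
    root_resolved = root.resolve(strict=False)
    if candidate != root_resolved and root_resolved not in candidate.parents:
        raise ValueError("workDir escapes the allowed root")
    return candidate


def check_workdir(raw: str, root: Path = ALLOWED_ROOT) -> tuple[bool, str]:
    """Non-raising wrapper: (accepted, canonical path or rejection reason)."""
    try:
        return True, str(validate_workdir(raw, root))
    except ValueError as exc:
        return False, str(exc)


def build_launch_argv(exe: str, workdir: Path) -> list[str]:
    """Assemble argv for the child process as a list.

    Passing a list to subprocess.run(argv, cwd=workdir) means the
    directory string is never re-parsed by cmd.exe or /bin/sh, so even a
    value that slipped past validation cannot become a second command.
    """
    return [exe, "--workdir", str(workdir)]
```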


For organizations unable to patch promptly, temporary mitigations include restricting network access to the AdminServer RMI port (default 20931), running the AdminServer with minimal privileges, and removing unused plugins. However, these are short-term measures, and applying the official patch is strongly recommended to fully secure affected environments.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security