CVE-2025-7388 — HIGH (8.4) — White Hats Nepal

Vulnerability Description

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property with inadequate input validation leading to OS command injection.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Related Weaknesses (CWE)

CWE-77

References

https://community.progress.com/s/article/Important-RCE-Security-Update-for-OpenE

FAQ

What is CVE-2025-7388?

CVE-2025-7388 is a vulnerability with a CVSS score of 8.4 (HIGH). It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authori...

How severe is CVE-2025-7388?

CVE-2025-7388 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-7388?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.