- 21/2026
- High
Progress has released security updates to fix multiple vulnerabilities across several Progress products.
The addressed vulnerabilities could allow the attacker to execute arbitrary commands and gain access by exploiting unsanitized input in the API input parameters to the affected system.
Sample of the addressed vulnerabilities:
Progress LoadMaster UI/API Command Injection Remote Code Execution Vulnerability (getcipherset) (CVE-2025-13444):
- CVSS: 8.4
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Sample of the affected products:
- MOVEit WAF version 7.2.62.1.
- LoadMaster GA 7.2.62.0 and all prior GA versions.
- LoadMaster LTSF 7.2.54.15 and all prior LTSF versions.
Vulnerabilities
- CVE-2025-13444
- CVE-2025-13447
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.