February 11, 2025 By Pierluigi Paganini

Progress Software fixed multiple vulnerabilities in its LoadMaster software, which could be exploited to execute arbitrary system commands.
Progress Software has addressed multiple high-severity security vulnerabilities (CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, CVE-2024-56135) in its LoadMaster software.
Progress Software’s LoadMaster is a high-performance load balancer and application delivery controller (ADC) designed to optimize the availability, security, and performance of web applications and services. It helps distribute network traffic efficiently across multiple servers to ensure reliability and scalability.
Below are the descriptions of these vulnerabilities:
- CVE-2024-56131 (CVSS score: 8.4) is an improper input validation vulnerability that could allow an authenticated user in LoadMaster to achieve OS command injection.
- CVE-2024-56132 (CVSS score: 8.4) is an improper input validation vulnerability that could allow an authenticated user in LoadMaster to achieve OS command injection.
- CVE-2024-56133 is an improper input validation vulnerability that could allow an authenticated user in LoadMaster to achieve OS command injection.
- CVE-2024-56135 (CVSS score: 8.4) is an improper input validation vulnerability that could allow an authenticated user in LoadMaster to achieve OS command injection.
The vulnerabilities impact the following versions:
| Product | Affected Versions | Patched Versions | Release Date |
|---|---|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.1 (inclusive) | 7.2.61.0 (GA) XML validation file | 5 Feb 2025 |
| LoadMaster | From 7.2.49.0 to 7.2.54.12 (inclusive) | 7.2.54.13 (LTSF) XML validation file | 5 Feb 2025 |
| LoadMaster | 7.2.48.12 and all prior versions | Upgrade to LTSF or GA | 5 Feb 2025 |
| Multi-Tenant LoadMaster | 7.1.35.12 and all prior versions | 7.1.35.13 (GA) XML validation file | 5 Feb 2025 |
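
The affected-version table can be applied to an appliance inventory as a triage check. The following is an added example, not code from Progress Software or the original article; the inventory and host names are constructed, and it assumes versions are reported as four dot-separated numbers. Versions are compared numerically, since a plain string comparison would sort 7.2.9.0 after 7.2.48.12.

```python
import re

# Ranges copied from the table above: (product, lowest affected, highest affected, listed fix).
# None as the lower bound stands for "and all prior versions".
AFFECTED = [
    ("LoadMaster", "7.2.55.0", "7.2.60.1", "7.2.61.0 (GA)"),
    ("LoadMaster", "7.2.49.0", "7.2.54.12", "7.2.54.13 (LTSF)"),
    ("LoadMaster", None, "7.2.48.12", "Upgrade to LTSF or GA"),
    ("Multi-Tenant LoadMaster", None, "7.1.35.12", "7.1.35.13 (GA)"),
]

# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = [
    ("lb-edge-01", "LoadMaster", "7.2.60.1"),
    ("lb-edge-02", "LoadMaster", "7.2.54.13"),
    ("lb-legacy", "LoadMaster", "7.2.9.0"),
    ("lb-mt-01", "Multi-Tenant LoadMaster", "7.1.35.12"),
    ("lb-lab", "LoadMaster", "7.2.x-custom"),
]

def parse_version(text):
    """Turn '7.2.54.12' into (7, 2, 54, 12); reject any other shape."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(product, version):
    """Return the fix listed in the table if the version is affected, else None."""
    v = parse_version(version)
    for prod, low, high, fix in AFFECTED:
        if prod != product:
            continue
        if (low is None or parse_version(low) <= v) and v <= parse_version(high):
            return fix
    return None

def triage_inventory(rows):
    """Map each host to the listed fix, or to a note when no range matches."""
    report = {}
    for host, product, version in rows:
        try:
            report[host] = triage(product, version) or "not listed as affected"
        except ValueError:
            # Never treat an unreadable version as safe; flag it for a person.
            report[host] = "manual check: unparsed version"
    return report

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```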