CVE-2024-56132: 
Progress LoadMaster vulnerability analysis and mitigation

Progress LoadMaster, a high-performance application delivery controller (ADC) and load balancer, is affected by an improper input validation vulnerability (CVE-2024-56132) that was disclosed on February 5, 2025. This vulnerability affects multiple versions of LoadMaster including versions from 7.2.55.0 to 7.2.60.1, 7.2.49.0 to 7.2.54.12, 7.2.48.12 and all prior versions, as well as all ECS versions prior to 7.2.60.1 (NVD, Hacker News).

The vulnerability is classified as an improper input validation issue (CWE-20) that allows OS Command Injection. It received a CVSS v3.1 base score of 8.4 (High) with the vector string CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The vulnerability requires authenticated access to the LoadMaster management interface, where attackers can execute arbitrary system commands through carefully crafted HTTP requests (NVD, Security Online).

If successfully exploited, the vulnerability allows authenticated attackers to execute arbitrary system commands on the affected LoadMaster systems. This could potentially lead to complete system compromise, affecting the confidentiality, integrity, and availability of the load balancer (Hacker News).

Progress Software has released patches to address this vulnerability. Users are advised to upgrade to version 7.2.61.0 (GA) for versions 7.2.55.0 to 7.2.60.1, version 7.2.54.13 (LTSF) for versions 7.2.49.0 to 7.2.54.12, and either LTSF or GA for version 7.2.48.12 and prior. The company has implemented input sanitization to prevent arbitrary system command execution (Hacker News).