CVE-2024-56134: 
Progress LoadMaster vulnerability analysis and mitigation

Progress Software has disclosed a high-severity security vulnerability (CVE-2024-56134) in their LoadMaster application delivery controller software. The vulnerability, discovered in February 2025, is an improper input validation flaw that affects multiple versions of LoadMaster, including versions from 7.2.55.0 to 7.2.60.1, 7.2.49.0 to 7.2.54.12, 7.2.48.12 and prior versions, as well as Multi-Tenant Hypervisor 7.1.35.12 and prior versions (NVD, Hacker News).

The vulnerability is characterized by improper input validation (CWE-20) that allows authenticated users to download the content of any file on the system through carefully crafted HTTP requests to the LoadMaster management interface. The vulnerability has been assigned a CVSS v3.1 base score of 8.4 (High), with the following vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (NVD).

If successfully exploited, the vulnerability allows remote malicious actors who have authenticated access to the LoadMaster management interface to download the content of any file on the system. This could potentially lead to exposure of sensitive system files and configuration data (Hacker News).

Progress Software has released patches to address this vulnerability. Users are advised to upgrade to the following versions: LoadMaster 7.2.61.0 (GA) for versions 7.2.55.0 to 7.2.60.1, version 7.2.54.13 (LTSF) for versions 7.2.49.0 to 7.2.54.12, and version 7.1.35.13 (GA) for Multi-Tenant LoadMaster. Users on version 7.2.48.12 and prior should upgrade to either LTSF or GA releases (Hacker News).