Short addendum and note for administrators who use the LoadMaster load balancer from Progress Kemp. As of March 10, 2025, the provider has announced that the vulnerability CVE-2025-1758 has been closed by a security update.
What is Progress Kemp?
Progress Kemp offers the LoadMaster load balancer, which is designed to provide load balancing in networks. In its simplest form, a load balancer offers the option of forwarding application users to the most powerful and accessible server.
Vulnerability CVE-2025-1758 in LoadMaster fixed
According to the release notes for Kemp Progress LoadMaster 7.2.61.1, the vulnerability CVE-2025-1758 has been closed. Improper input validation in Progress LoadMaster allows a buffer overflow.
Malicious actors can remotely issue a carefully crafted HTTP request to cause a stack-based buffer overflow and potentially execute arbitrary system commands. This issue affects:
- LoadMaster: 7.2.40.0 and higher
- ECS: All versions
- Multi-Tenancy: 7.1.35.4 and higher
This vulnerability has been closed by improving buffer management to prevent the execution of malicious code from the stack. Thanks to the reader for pointing this out in this comment.