Attention Progress OpenEdge / Proalpha ERP users. A critical security vulnerability (CVE-2025-7388) has been discovered in the Progress OpenEdge software that allows code to be executed via Java RMI in an administrative context. OpenEdge 12.x and Proalpha 9.x are affected. Action is required.
Here is the original message I received from blog reader Stefan K. (thank you for that).
Dear Sir or Madam,
A critical security vulnerability has been discovered in Progress OpenEdge that affects Proalpha ERP and requires your immediate attention and action.
To effectively remediate this critical security vulnerability, please follow the instructions provided below.
1. Executive Summary
- Risk: Attackers can execute unauthorized code on the Proalpha server, potentially compromising systems.
- Action Required: Securing Proalpha servers through the local Windows Firewall is necessary.
- Support: Detailed instructions are available in our Knowledge Base.
- Urgency: Please plan implementation promptly to ensure the continued security of your systems.
2. Detailed Information for IT Personnel
Affected Vulnerability:
- CVE-2025-7388 – Code execution via Java RMI in administrative context
Affected Components and Versions:
- OpenEdge 12.x / Proalpha 9.x
Additional Information and Implementation Resources:
- Proalpha 9.x: KB0095389
- The Knowledge Base article contains:
  - The required Windows Firewall configuration
  - A PowerShell command for rapid firewall configuration
- After configuration, access to the Java RMI module from the corporate network will no longer be possible, eliminating any immediate risk of unauthorized code execution. Proalpha functionality will not be affected by these changes.
- If you require assistance with Windows Firewall configuration, please submit a billable request through the catalog in the customer portal or contact your partner/system vendor.
- For our cloud customers, firewall measures have already been implemented proactively by the Cloud Operations team.
- Customers undergoing updates must implement these measures in both the current and new Proalpha versions.
3. Additional Measures
- For OpenEdge 12.x / Proalpha 9.x, additional security patches (OpenEdge Service Pack 12.2.18 and 12.8.9) are being provided. Installation is strongly recommended.
- We generally recommend always using the latest approved OpenEdge Service Pack.
- You can order the Progress Service Pack installation through the catalog in the customer portal or contact your partner/account manager. We will schedule the installation together with you.
- You can find the OpenEdge Service Pack downloads along with installation instructions in KB0010297.


