{"id":37461,"date":"2025-03-21T00:20:27","date_gmt":"2025-03-20T23:20:27","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=37461"},"modified":"2025-03-21T00:20:27","modified_gmt":"2025-03-20T23:20:27","slug":"progress-kemp-loadmaster-load-balancer-vulnerability-cve-2025-1758-march-2025","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/03\/21\/progress-kemp-loadmaster-load-balancer-vulnerability-cve-2025-1758-march-2025\/","title":{"rendered":"Progress Kemp LoadMaster (Load-Balancer) vulnerability CVE-2025-1758 (March 2025)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2025\/03\/21\/progress-kemp-loadmaster-load-balancer-schwachstellen-maerz-2025\/\" target=\"_blank\" rel=\"noopener\">English<\/a>]Short addendum and note for administrators who use the load balancer LoadMaster from Progress Kemp. As of March 10, 2025, the provider has announced that the vulnerability CVE-2025-1758 has been closed by a security update.<!--more--><\/p>\n<h2>What is Progress Kemp?<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg05.met.vgwort.de\/na\/b10574d7c5a949fca00c4ceccc235906\" alt=\"\" width=\"1\" height=\"1\" \/><a href=\"https:\/\/kemptechnologies.com\/de\" target=\"_blank\" rel=\"noopener\">Progress Kemp<\/a> offers the load balancer <a href=\"https:\/\/kemptechnologies.com\/de\/load-balancer\/application-application-server-load-balancing\" target=\"_blank\" rel=\"nofollow noopener\">Load-Balancer<\/a>\u00a0<em>LoadMaster<\/em>, which is designed to provide load balancing in networks. In its simplest form, a load balancer offers the option of forwarding application users to the most powerful and accessible server.<\/p>\n<h2>Vulnerability CVE-2025-1758 in LoadMaster fixed<\/h2>\n<p>The vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-1758\" target=\"_blank\" rel=\"noopener\">CVE-2025-1758<\/a> has been closed in the <a href=\"https:\/\/docs.progress.com\/de-DE\/bundle\/release-notes_loadmaster-7-2-61-1\/page\/Security-Updates.html\" target=\"_blank\" rel=\"noopener\">release notes<\/a> for Kemp Progress LoadMaster 7.2.61.1. Improper input validation in Progress LoadMaster allows a buffer overflow.<\/p>\n<p>Malicious actors can remotely issue a carefully crafted HTTP request to cause a stack-based buffer overflow and potentially execute arbitrary system commands. This issue affects:<\/p>\n<ul>\n<li>LoadMaster: 7.2.40.0 and higher<\/li>\n<li>ECS: All versions<\/li>\n<li>Multi-Tenancy: 7.1.35.4 and higher<\/li>\n<\/ul>\n<p>This vulnerability has been closed by improving buffer management to prevent the execution of malicious code from the stack. Thanks to the reader for pointing this out in <a href=\"https:\/\/www.borncity.com\/blog\/2025\/03\/19\/probleme-und-fixes-nextcloud-chromecast-youtube-samsung-sound-bar\/#comment-211696\" target=\"_blank\" rel=\"noopener\">this comment<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[English]Short addendum and note for administrators who use the load balancer LoadMaster from Progress Kemp. As of March 10, 2025, the provider has announced that the vulnerability CVE-2025-1758 has been closed by a security update.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-37461","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=37461"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37461\/revisions"}],"predecessor-version":[{"id":37462,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37461\/revisions\/37462"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=37461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=37461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=37461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}