
How Do I Secure My Network Against Critical Kemp LoadMaster Vulnerabilities CVE-2025-13444 and CVE-2025-13447?

Are My LoadMasters at Risk? Understanding the December 2025 Progress Kemp Security Disclosures

Progress Software has patched two high-severity vulnerabilities in the Kemp LoadMaster product suite. These flaws, tracked as CVE-2025-13444 and CVE-2025-13447, allow authenticated attackers to execute arbitrary system commands. Security researchers reported these issues on December 17, 2025, and Progress released fixes promptly. Public disclosure occurred on January 12, 2026, to allow customers time to patch.

Technical Breakdown of the Vulnerabilities

Both vulnerabilities are classified as OS Command Injections. They exist within the LoadMaster’s management interface API.

  • CVE-2025-13444: This flaw affects the getcipherset function. It primarily impacts the Multi-Tenant (MT) Hypervisor and Manager nodes.
  • CVE-2025-13447: This vulnerability impacts multiple API endpoints, including addapikey, delapikey, delcert, dmidecode, listapikeys, and ssodomain. It affects individual LoadMaster Virtual Network Functions (VNFs).

An attacker holding “User Administration” permissions can exploit these flaws by injecting commands into the affected API calls. The appliance executes the injected commands with elevated privileges, which allows the attacker to fully compromise it.

Timeline and Disclosure Context

The timeline follows a standard responsible disclosure process:

  • December 17, 2025: Researchers privately reported the vulnerabilities to Progress Software.
  • Late December 2025: Progress developed and released patches to customers.
  • January 12, 2026: The details became public knowledge.

This delay prevented widespread exploitation. It gave administrators a head start to secure their environments before attackers could reverse-engineer the patches.

Remediation Steps

Administrators must update their LoadMaster instances immediately.

  1. Identify Vulnerable Systems: Check your current firmware version.
  2. Download the Update: Obtain the latest GA (Generally Available) or LTSF (Long-Term Support Firmware) release from the Progress support portal. Look for firmware versions released after December 17, 2025, such as 7.2.62.2 or later.
  3. Apply the Patch: Install the update on all LoadMaster VNFs and MT Hypervisors.
  4. Verify: Confirm the installation was successful. Monitor logs for any suspicious activity involving the affected API endpoints (getcipherset, addapikey, etc.).
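The two checks in the verification step, as an added example that is not part of this advisory or of Progress Kemp's own tooling: a firmware version comparison against the 7.2.62.2 baseline named above, and a scan of management-interface access logs for calls to the affected API endpoints whose parameters carry shell metacharacters. The log format, the `/access/` path prefix and the parameter names are constructed assumptions; adapt the regular expression to the log format your LoadMaster actually emits.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# API commands named in the advisory for CVE-2025-13444 and CVE-2025-13447.
AFFECTED_ENDPOINTS = {
    "getcipherset", "addapikey", "delapikey", "delcert",
    "dmidecode", "listapikeys", "ssodomain",
}
# Shell metacharacters that have no place in the parameter values of these calls.
SHELL_METACHARS = re.compile(r"[;&|`$(){}<>\n\\]")
MIN_PATCHED = (7, 2, 62, 2)  # 7.2.62.2, the baseline given in the advisory

# Constructed sample log lines (not real LoadMaster output); the second one
# carries a ';' in a getcipherset parameter and should be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Jan/2026:10:01:02 +0000] "GET /access/listapikeys HTTP/1.1" 200 512',
    '10.0.0.9 - admin [12/Jan/2026:10:02:17 +0000] "GET /access/getcipherset?name=Default;id HTTP/1.1" 200 88',
    '10.0.0.9 - admin [12/Jan/2026:10:03:40 +0000] "GET /access/addapikey?comment=backup HTTP/1.1" 200 64',
]


def is_patched(version: str) -> bool:
    """True when a dotted firmware version string is 7.2.62.2 or later."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts >= MIN_PATCHED  # tuple comparison handles 7.2.63 > 7.2.62.2


def suspicious_requests(log_lines):
    """Return (endpoint, parameter, value) triples for calls to an affected
    endpoint whose query parameters contain shell metacharacters.
    Assumes the API command is the last path segment, as in the sample."""
    findings = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        endpoint = url.path.rstrip("/").rsplit("/", 1)[-1]
        if endpoint not in AFFECTED_ENDPOINTS:
            continue
        # parse_qsl percent-decodes values, so %3B is inspected as ';'
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if SHELL_METACHARS.search(value):
                findings.append((endpoint, key, value))
    return findings


if __name__ == "__main__":
    print("7.2.61.1 patched:", is_patched("7.2.61.1"))
    for hit in suspicious_requests(SAMPLE_LOG):
        print("suspicious call:", hit)
```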

Critical Risk Assessment

While these flaws require authentication, do not ignore them. Compromised admin credentials are common. An attacker who steals credentials could use these exploits to pivot from “admin access” to “full system control.” Patching is the only effective mitigation.