SB20260422181 - Arbitrary file read in Progress OpenEdge




Published: April 22, 2026

Security Bulletin ID: SB20260422181
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper access control (CVE-ID: CVE-2025-7389)

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper access control in the AdminServer RMI interface when handling file access methods. A local user can invoke exposed RMI methods to disclose sensitive information.

The issue affects validated OS users because the AdminServer process performs file access with its own delegated authority, which can bypass normal OS-level file permission checks.


Remediation

Install the update from the vendor's website.