Improper access control in OpenEdge - CVE-2025-7389

 


Published: April 22, 2026


Vulnerability identifier: #VU126823
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-7389
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Progress Software Corporation
Affected software: OpenEdge

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper access control in the AdminServer RMI interface when handling file access methods. A local user can invoke exposed RMI methods to disclose sensitive information.

The issue affects validated OS users because the AdminServer process performs file access with its own delegated authority, which can bypass normal OS-level file permission checks.


How to mitigate CVE-2025-7389

Install the security update from the vendor's website.
