Attackers can attack Kemp LoadMaster with crafted HTTP requests

A critical vulnerability jeopardizes the security of servers with Kemp LoadMaster.


If attackers successfully exploit a recently patched vulnerability in Kemp LoadMaster from Progress Software, they can execute malicious code and compromise systems. An updated version is available for download.

Because certain incoming requests are not sufficiently checked, attackers can use crafted HTTP requests to exploit the vulnerability (CVE-2025-1758, rated "critical") without authentication. This can lead to memory errors that allow attackers to execute their own code. Systems are then usually considered fully compromised.


In the release notes, the developers state that they have fixed the bug in LoadMaster 7.2.61.1. Although there are no reports of ongoing attacks yet, admins should install the security update as soon as possible.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.