CVE-2025-54765

Medium CVSS: 5.3

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.

Vendor

Xorux

Product

Xormon

CWE

CWE-648

Yayın Tarihi

2025-07-29 00:15:23

Güncelleme

2025-11-03 20:19:14

Source Identifier

bbf0bd87-ece2-41be-b873-96928ee8fab9

KEV Date Added

Kategoriler

CWE-648 Xormon MEDIUM Xorux 2025

Referanslar

https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt https://xormon.com/note190.php http://seclists.org/fulldisclosure/2025/Jul/16

Benzer Kayıtlar

Medium

CVE-2025-54766

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…

Medium

CVE-2025-54767

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd…

Medium

CVE-2025-54768

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…

High

CVE-2025-54769

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in…