CVE-2025-54766

Medium CVSS: 5.3

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.

Vendor

Xorux

Product

Xormon

CWE

CWE-648

Yayın Tarihi

2025-07-29 00:15:24

Güncelleme

2025-11-03 20:19:14

Source Identifier

bbf0bd87-ece2-41be-b873-96928ee8fab9

KEV Date Added

Kategoriler

CWE-648 Xormon MEDIUM Xorux 2025

Referanslar

https://korelogic.com/Resources/Advisories/KL-001-2025-012.txt https://xormon.com/note190.php http://seclists.org/fulldisclosure/2025/Jul/15

Benzer Kayıtlar

Medium

CVE-2025-54767

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd…

Medium

CVE-2025-54768

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…

High

CVE-2025-54769

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in…

Medium

CVE-2025-54765

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…