CVE-2025-54768

Medium CVSS: 5.3

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

Vendor

Xorux

Product

Lpar2rrd

CWE

CWE-648

Yayın Tarihi

2025-07-29 00:15:24

Güncelleme

2025-11-03 20:19:14

Source Identifier

bbf0bd87-ece2-41be-b873-96928ee8fab9

KEV Date Added

Kategoriler

CWE-648 Lpar2rrd MEDIUM Xorux 2025

Referanslar

https://korelogic.com/Resources/Advisories/KL-001-2025-015.txt https://lpar2rrd.com/note800.php http://seclists.org/fulldisclosure/2025/Jul/18

Benzer Kayıtlar

Medium

CVE-2025-54766

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…

Medium

CVE-2025-54767

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd…

High

CVE-2025-54769

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in…

Medium

CVE-2025-54765

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…