CVE-2025-54769

High CVSS: 8.8

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.

Vendor

Xorux

Product

Lpar2rrd

CWE

CWE-24

Yayın Tarihi

2025-07-29 00:15:24

Güncelleme

2025-11-03 20:19:15

Source Identifier

bbf0bd87-ece2-41be-b873-96928ee8fab9

KEV Date Added

Kategoriler

CWE-24 Lpar2rrd HIGH Xorux 2025

Referanslar

https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt https://lpar2rrd.com/note800.php http://seclists.org/fulldisclosure/2025/Jul/19

Benzer Kayıtlar

Medium

CVE-2025-54766

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…

Medium

CVE-2025-54767

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd…

Medium

CVE-2025-54768

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…

Medium

CVE-2025-54765

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level…