CVE-2025-54765

MEDIUM

Xorux XorMon <= 1.8.0 - Privilege Escalation via API Endpoint

Title source: llm

Description

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.

References (3)

[Exploit, Third Party Advisory] https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt

[Release Notes] https://xormon.com/note190.php

[Mailing List] http://seclists.org/fulldisclosure/2025/Jul/16

Scores

CVSS v3 5.3

EPSS 0.0010

EPSS Percentile 26.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-648

Status published

Products (1)

xorux/xormon < 1.8.0

Published Jul 29, 2025

Tracked Since Feb 18, 2026