CVE-2025-54765
MEDIUMXorux XorMon <= 1.8.0 - Privilege Escalation via API Endpoint
Title source: llmDescription
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.
References (3)
Core 3
Core References
Exploit, Third Party Advisory third-party-advisory
https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt
Release Notes release-notes
https://xormon.com/note190.php
Mailing List
http://seclists.org/fulldisclosure/2025/Jul/16
Scores
CVSS v3
5.3
EPSS
0.0645
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-648
Status
published
Products (1)
xorux/xormon
< 1.8.0
Published
Jul 29, 2025
Tracked Since
Feb 18, 2026