CVE-2025-54769 (GCVE-0-2025-54769)
Vulnerability from cvelistv5 – Published: 2025-07-28 23:34 – Updated: 2025-11-03 20:06
VLAI
Title
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
Summary
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Severity
8.8 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001… | third-party-advisory |
| https://lpar2rrd.com/note800.php | release-notes |
Date Public
2025-07-28 23:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54769",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:20:37.673761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:22:11.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:37.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "LPAR2RRD",
"vendor": "Xorux",
"versions": [
{
"status": "affected",
"version": "8.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability was discovered by Jim Becher of KoreLogic, Inc."
}
],
"datePublic": "2025-07-28T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker."
}
],
"value": "An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648 Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T23:34:38.972Z",
"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"shortName": "KoreLogic"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt"
},
{
"tags": [
"release-notes"
],
"url": "https://lpar2rrd.com/note800.php"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"assignerShortName": "KoreLogic",
"cveId": "CVE-2025-54769",
"datePublished": "2025-07-28T23:34:38.972Z",
"dateReserved": "2025-07-28T16:02:18.186Z",
"dateUpdated": "2025-11-03T20:06:37.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-54769",
"date": "2026-05-28",
"epss": "0.09341",
"percentile": "0.92891"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-54769\",\"sourceIdentifier\":\"bbf0bd87-ece2-41be-b873-96928ee8fab9\",\"published\":\"2025-07-29T00:15:24.473\",\"lastModified\":\"2025-11-03T20:19:15.053\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.\"},{\"lang\":\"es\",\"value\":\"Un usuario autenticado de solo lectura puede cargar un archivo y realizar un directory traversal para colocarlo en la ubicaci\u00f3n que elija. Esto puede usarse para sobrescribir m\u00f3dulos PERL existentes en la aplicaci\u00f3n y lograr la ejecuci\u00f3n remota de c\u00f3digo (RCE) por parte de un atacante.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"bbf0bd87-ece2-41be-b873-96928ee8fab9\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-24\"},{\"lang\":\"en\",\"value\":\"CWE-434\"},{\"lang\":\"en\",\"value\":\"CWE-648\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.04\",\"matchCriteriaId\":\"5B49D9F5-0510-4191-B286-427ECC02C837\"}]}]}],\"references\":[{\"url\":\"https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt\",\"source\":\"bbf0bd87-ece2-41be-b873-96928ee8fab9\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lpar2rrd.com/note800.php\",\"source\":\"bbf0bd87-ece2-41be-b873-96928ee8fab9\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/19\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:06:37.868Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54769\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-29T13:20:37.673761Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-29T13:20:57.115Z\"}}], \"cna\": {\"title\": \"KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"This vulnerability was discovered by Jim Becher of KoreLogic, Inc.\"}], \"affected\": [{\"vendor\": \"Xorux\", \"product\": \"LPAR2RRD\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.04\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-07-28T23:00:00.000Z\", \"references\": [{\"url\": \"https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://lpar2rrd.com/note800.php\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-24\", \"description\": \"CWE-24 Path Traversal: \u0027../filedir\u0027\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-648\", \"description\": \"CWE-648 Incorrect Use of Privileged APIs\"}]}], \"providerMetadata\": {\"orgId\": \"bbf0bd87-ece2-41be-b873-96928ee8fab9\", \"shortName\": \"KoreLogic\", \"dateUpdated\": \"2025-07-28T23:34:38.972Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-54769\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:06:37.868Z\", \"dateReserved\": \"2025-07-28T16:02:18.186Z\", \"assignerOrgId\": \"bbf0bd87-ece2-41be-b873-96928ee8fab9\", \"datePublished\": \"2025-07-28T23:34:38.972Z\", \"assignerShortName\": \"KoreLogic\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…