exploitDog

CVE-2025-54768

Опубликовано: 29 июл. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

Ссылки

https://korelogic.com/Resources/Advisories/KL-001-2025-015.txt
Exploit
Third Party Advisory
https://lpar2rrd.com/note800.php
Release Notes
http://seclists.org/fulldisclosure/2025/Jul/18

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*

Версия до 8.04 (включая)

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-648

Связанные уязвимости

GHSA-9fr7-pvrj-ff37

CVSS3: 5.3

github

6 месяцев назад

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-648