Unrated severityNVD Advisory· Published Jul 28, 2025· Updated Nov 3, 2025

KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator

CVE-2025-54765

Description

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.

Affected products

Xorux/Xormon Ngv5
Range: 1.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

korelogic.com/Resources/Advisories/KL-001-2025-013.txtmitrethird-party-advisory
xormon.com/note190.phpmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000