Unrated severityNVD Advisory· Published Jul 28, 2025· Updated Nov 3, 2025

KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

CVE-2025-54766

Description

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.

Affected products

Xorux/Xormon Ngv5
Range: 1.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

korelogic.com/Resources/Advisories/KL-001-2025-012.txtmitrethird-party-advisory
xormon.com/note190.phpmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000