Unrated severityNVD Advisory· Published Jul 28, 2025· Updated Nov 3, 2025

KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

CVE-2025-54768

Description

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

Affected products

Xorux/LPAR2RRDv5
Range: 8.04

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

korelogic.com/Resources/Advisories/KL-001-2025-015.txtmitrethird-party-advisory
lpar2rrd.com/note800.phpmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000