Unrated severityNVD Advisory· Published Jul 28, 2025· Updated Nov 3, 2025

KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

CVE-2025-54769

Description

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.

Affected products

Xorux/LPAR2RRDv5
Range: 8.04

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

korelogic.com/Resources/Advisories/KL-001-2025-016.txtmitrethird-party-advisory
lpar2rrd.com/note800.phpmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000