2 matches found
CVE-2025-54765 KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include...
Xorux XorMon-NG Web Application Privilege Escalation to Administrator
Vulnerability Details Affected Vendor: Xorux Affected Product: XorMon-NG Affected Version: 1.8 and prior Platform: Debian CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54765 2. Vulnerability Description An API endpoint that should be limited to web application...