XORUX XorMon-NG 安全漏洞

XORUX XorMon-NG is an infrastructure performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX XorMon-NG, which stems from improper access control of API endpoints and could lead to elevation of privilege...

📄 Xorux XorMon-NG 1.8 Information Disclosure

Xorux XorMon-NG versions 1.8 and below has an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...

📄 Xorux XorMon-NG 1.8 Privilege Escalation

Xorux XorMon-NG versions 1.8 and below has an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control t...

XORUX XorMon-NG 安全漏洞

XORUX XorMon-NG is an infrastructure performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX XorMon-NG, which stems from improper access control of API endpoints and could lead to the disclosure of sensitive information...

CVE-2025-54765 KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include...

CVE-2025-54766 KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...

Xorux XorMon-NG Web Application Privilege Escalation to Administrator

Vulnerability Details Affected Vendor: Xorux Affected Product: XorMon-NG Affected Version: 1.8 and prior Platform: Debian CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54765 2. Vulnerability Description An API endpoint that should be limited to web application...

Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

Vulnerability Details Affected Vendor: Xorux Affected Product: XorMon-NG Affected Version: 1.8 and prior Platform: Debian CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54766 2. Vulnerability Description An API endpoint that should be limited to web application...