CVE-2025-54766

CVE-2025-54766: KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

Vendor Xorux
Product XorMon-NG
Weakness CWE-648
Published July 28, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.

Key dates

02Disclosure timeline

July 28, 2025 CVE published
November 3, 2025 Record updated