CVE-2025-54768

CVE-2025-54768: KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

Vendor Xorux
Product LPAR2RRD
Weakness CWE-648
Published July 28, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

Key dates

02Disclosure timeline

July 28, 2025 CVE published
November 3, 2025 Record updated