CVE-2025-54769

CVE-2025-54769: KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

Vendor Xorux
Product LPAR2RRD
Weakness CWE-24
Published July 28, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.

Key dates

02Disclosure timeline

July 28, 2025 CVE published
November 3, 2025 Record updated