CVE-2025-54768
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-11-03
Assigner: KoreLogic
Description
CVSS Scores
EPSS Scores
| EPSS metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xorux | lpar2rrd | up to and including 8.04 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-648 | The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because an API endpoint intended only for web application administrators is accessible to lower-privileged read-only users. This endpoint allows these users to download appliance configuration logs that contain sensitive information, including password hashes and user configuration details. An authenticated read-only user can exploit this to obtain files like "htusers.cfg" and "users.json", which store password hashes, potentially enabling them to crack passwords and escalate their privileges. [1]
How can this vulnerability impact me?
The vulnerability can lead to exposure of sensitive information such as password hashes for all users, including administrators. An attacker with read-only access can download and extract these logs, then attempt to crack the password hashes to gain higher privileges or unauthorized access, potentially compromising the security of the entire system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the vulnerable API endpoint as a read-only user and checking whether the appliance configuration logs can be downloaded. A suggested command is using curl with basic authentication to download the logs, for example: `curl -u <readonly_user>:<password> https://<target>/api/download/logs -o logs.tar.gz`. After downloading, extract the archive and inspect files such as "htusers.cfg" and "users.json" for sensitive information like password hashes. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the affected product, Xorux's LPAR2RRD, to version 8.05 or later, where the vulnerability has been fixed. Until the upgrade can be performed, restrict access to the vulnerable API endpoint to only authorized web application administrators and monitor for any unauthorized access attempts. [1]