CVE-2025-54769
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-11-03
Assigner: KoreLogic
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xorux | lpar2rrd | to 8.04 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-24 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
| CWE-648 | The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a directory traversal flaw in Xorux LPAR2RRD (version 8.04 and earlier) that allows an authenticated user with read-only permissions to upload files and manipulate filenames to place those files anywhere on the local filesystem. By doing so, an attacker can overwrite existing Perl modules with malicious scripts. These malicious scripts can then be executed through existing CGI scripts accessible via the web interface, leading to remote code execution (RCE). [1]
How can this vulnerability impact me?
The vulnerability can allow an attacker with only read-only access to upload and place malicious files in critical locations, overwriting Perl modules. This can lead to remote code execution, meaning the attacker can run arbitrary code on the affected system, potentially gaining control over it, compromising data, or disrupting services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unauthorized or suspicious file uploads by authenticated users with read-only permissions, especially files placed outside expected directories via directory traversal. You can inspect the /home/lpar2rrd/lpar2rrd/bin/ directory for unexpected or recently modified Perl scripts. Additionally, monitoring web server logs for access to CGI scripts under /lpar2rrd-cgi/ that execute unusual or newly uploaded scripts may help detect exploitation attempts. Specific commands to check for suspicious files include:
1) Listing recently modified files in the target directory: `ls -lt /home/lpar2rrd/lpar2rrd/bin/`
2) Searching for files with suspicious names or extensions: `find /home/lpar2rrd/lpar2rrd/bin/ -type f \( -name '*.pl' -o -name '*.cgi' \)` (the parentheses make `-type f` apply to both name patterns).
3) Reviewing web server access logs for unusual requests: `grep '/lpar2rrd-cgi/' /var/log/httpd/access_log` or equivalent.
4) Checking for uploaded files outside allowed directories by scanning for files with directory traversal patterns in filenames or metadata.
These steps can help detect exploitation or attempts to exploit the vulnerability. [1]
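
The `ls -lt` check above relies on modification times. As an added example (not part of the advisory or of LPAR2RRD), this script goes one step further and compares SHA-256 hashes of the Perl files in that directory against a baseline taken while the host was known-good, so an overwritten module is reported by name. The function names, the manifest format and the extra `*.pm` pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): hash baseline for the LPAR2RRD bin directory.
# BIN_DIR defaults to the path named on this page; override it for other installs.
BIN_DIR="${BIN_DIR:-/home/lpar2rrd/lpar2rrd/bin}"

# hash_perl_files DIR: print "sha256  path" for every Perl script, module and CGI file.
# '*.pm' is an addition to the page's patterns (assumption: modules use that suffix).
hash_perl_files() {
    find "$1" -type f \( -name '*.pl' -o -name '*.pm' -o -name '*.cgi' \) \
        -exec sha256sum {} +
}

# make_baseline DIR MANIFEST: record hashes while the host is in a known-good state.
make_baseline() {
    hash_perl_files "$1" > "$2"
}

# check_baseline DIR MANIFEST: print CHANGED/NEW/MISSING lines; return 1 if any differ.
check_baseline() {
    cb_current="$(mktemp)" || return 2
    cb_rc=0
    hash_perl_files "$1" > "$cb_current"
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # skip the 2-char separator
        FILENAME == ARGV[1] { old[path] = hash; next }       # first file: the baseline
        {
            seen[path] = 1
            if (!(path in old))          { print "NEW " path; bad = 1 }
            else if (old[path] != hash)  { print "CHANGED " path; bad = 1 }
        }
        END {
            for (p in old) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$cb_current" || cb_rc=$?
    rm -f "$cb_current"
    return "$cb_rc"
}

# Command-line use: ./script baseline MANIFEST   or   ./script check MANIFEST
case "${1:-}" in
    baseline) make_baseline "$BIN_DIR" "$2" ;;
    check)    check_baseline "$BIN_DIR" "$2" ;;
esac
```

Keep the manifest somewhere the account running the web interface cannot write, and take the baseline with the same directory argument that later checks use.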
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling file upload capabilities for authenticated users with read-only permissions to prevent unauthorized uploads. Apply input validation and sanitization to prevent directory traversal in filenames during uploads. Review and remove any suspicious or unauthorized Perl scripts in the /home/lpar2rrd/lpar2rrd/bin/ directory. Limit execution permissions on uploaded files and CGI scripts to reduce risk. If possible, upgrade Xorux LPAR2RRD to a version later than 8.04 where this vulnerability is fixed. Additionally, monitor web server logs for suspicious activity and consider temporarily disabling the vulnerable CGI scripts until a patch is applied. [1]