CVE-2025-54765 Information
Jul 30, 2025
cve
Description
An API endpoint that should be limited to web application administrators is hidden from, but still accessible to, lower-level read-only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, including granting themselves administrative-level permissions.
Reference
https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt
https://xormon.com/note190.php
Related CNNVD
CNNVD-202507-3567 (Published: 2025-07-29)