CVE-2025-54766 Information

Description

An API endpoint that should be limited to web application administrators is hidden from but accessible by lower-level read only web application users. The endpoint can be used to export the appliance configuration exposing sensitive information.

Reference

https://korelogic.com/Resources/Advisories/KL-001-2025-012.txt https://xormon.com/note190.php

Related CNNVD

CNNVD-202507-3568 (Published: 2025-07-29)