← volver
CVE-2025-54769

KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

CVSS 8.8 HIGHEPSS 2.9%CWE-24CWE-434CWE-648
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Xorux · LPAR2RRD
PoCs públicas encontradas2
githubgithub.com/byteReaper77/CVE-2025-547692exploitdbwww.exploit-db.com/exploits/52391no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2025/Jul/19https://korelogic.com/Resources/Advisories/KL-001-2025-016.txthttps://lpar2rrd.com/note800.php