Privilege Escalation in Xormon Original Appliance by Authenticated Users
CVE-2025-54767

6.5MEDIUM

Key Information:

Vendor: Xorux
Status: Lpar2rrd
Vendor: CVE Published:; 29 July 2025

What is CVE-2025-54767?

An authenticated, read-only user on the Xormon Original virtual appliance has the ability to terminate processes running as the lpar2rrd user. This flaw could potentially allow an attacker to disrupt service operations by killing critical processes, leading to a denial of service or other unforeseen consequences.

Affected Version(s)

LPAR2RRD Linux 8.04

References

https://korelogic.com/Resources/Advisories/KL-001-2025-01...

third-party-advisory

https://lpar2rrd.com/note800.php

release-notes

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025

Xorux

What is CVE-2025-54767?

Affected Version(s)

References

CVSS V3.1

Timeline