Home

Description

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.

PUBLISHED Reserved 2025-07-28 | Published 2025-07-28 | Updated 2025-11-03 | Assigner KoreLogic

Problem types

CWE-648: Incorrect Use of Privileged APIs

Product status

Default status
affected

8.04
affected

Credits

This vulnerability was discovered by Jim Becher of KoreLogic, Inc. finder

References

seclists.org/fulldisclosure/2025/Jul/17

korelogic.com/Resources/Advisories/KL-001-2025-014.txt third-party-advisory

lpar2rrd.com/note800.php release-notes

cve.org (CVE-2025-54767)

nvd.nist.gov (CVE-2025-54767)

Download JSON