
CVE-2025-54769

Severity: High · Public PoC available

Published: 29 July 2025
Modified: 03 November 2025
KEV Added: not listed
CVSS v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0934 (92.9th percentile)
Risk Priority: 23 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-54769 is a high-severity path traversal vulnerability (CWE-24, Path Traversal: '../filedir') in Xorux Lpar2Rrd, affecting versions up to and including 8.04. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 7.1% of all CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-54769 is a path traversal vulnerability in Lpar2Rrd, a Perl application that accepts file uploads. An authenticated read-only user can supply an upload filename containing '../' sequences so that the file is written outside the intended upload directory, to any location the application's process is permitted to write, including over the application's own Perl modules.

Because the application later loads those modules, an attacker holding only read-only credentials can plant a malicious module over the network, without any user interaction, and obtain remote code execution with the privileges of the application process, compromising confidentiality, integrity, and availability. The CVSS v3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) encodes exactly this: network reachable, low attack complexity, low privileges required, no user interaction, and high impact on all three properties. Scope is unchanged, so the 8.8 score describes escalation from a read-only account to code execution on the application host, not a crossing into a different security authority.

Public advisories at korelogic.com, lpar2rrd.com, and seclists.org detail the issue and are the primary sources for patch and configuration guidance. The EPSS score has remained flat at 0.0934, with no material increase since disclosure.


Vulnerability details

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing Perl modules within the application to achieve remote code execution (RCE) by an attacker.

CWE(s)

CWE-24 Path Traversal: '../filedir'
CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct RCE via authenticated file upload + directory traversal in public-facing web app (LPAR2RRD).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56975 (shared CWE-434)
CVE-2019-25580 (shared CWE-434)
CVE-2026-27636 (shared CWE-434)
CVE-2026-4809 (shared CWE-434)
CVE-2020-37090 (shared CWE-434)
CVE-2026-24729 (shared CWE-434)
CVE-2026-28289 (shared CWE-434)
CVE-2026-1730 (shared CWE-434)
CVE-2023-50897 (shared CWE-434)
CVE-2025-70457 (shared CWE-434)

Affected Assets

Vendor: xorux · Product: lpar2rrd · Versions: ≤ 8.04

Mitigating Controls (NIST 800-53 r5; AI-assisted mapping)

prevent · SI-10 Information Input Validation: validates uploaded file names and paths to directly prevent directory traversal and unrestricted file placement.

prevent · AC-6 Least Privilege: denies read-only authenticated users the ability to perform file upload and write operations.

prevent: restricts unauthorized information inputs such as file uploads from read-only users, blocking the initial exploitation vector.
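As an added illustration of the upload-plus-traversal mechanism described under "Deeper analysis" and of the two controls above (input validation and least privilege), the following Python example is not Lpar2Rrd code (the real application is written in Perl) and does not reproduce the public PoC. It builds a throwaway directory tree with a constructed stand-in module `lib/Example.pm`, shows that a naive join of a client-supplied filename containing `../` resolves onto that module, and contrasts a hardened handler that rejects path separators and traversal, allowlists the filename characters, verifies the canonical target remains under the upload directory, and refuses writes from a read-only role. The module name, role names and function names are hypothetical.

```python
"""Added example, not Lpar2Rrd code: how an upload path built from a
client-supplied filename walks out of the upload directory, and how a
hardened handler stops it. Module and role names are constructed."""
import os
import re
import tempfile

# One path component only: no separators, no leading dot, bounded length.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def unsafe_target(upload_dir: str, client_filename: str) -> str:
    """Vulnerable pattern: the client-controlled name is joined verbatim, so
    '../lib/Example.pm' resolves onto a file the application later loads."""
    return os.path.normpath(os.path.join(upload_dir, client_filename))


def safe_target(upload_dir: str, client_filename: str) -> str:
    """Hardened pattern (input validation): reject anything that is not a
    single allowlisted component, then prove the canonical target is still
    under upload_dir. The second check also catches a symlink planted inside
    the upload directory that points elsewhere."""
    name = client_filename.replace("\\", "/")
    if "/" in name or not SAFE_NAME.match(name):
        raise ValueError(f"rejected filename: {client_filename!r}")
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"target escapes upload directory: {target!r}")
    return target


def handle_upload(role: str, upload_dir: str, client_filename: str, data: bytes) -> str:
    """Least privilege: a read-only role never reaches the write at all.
    Role names are hypothetical; returns the path written."""
    if role != "admin":
        raise PermissionError(f"role {role!r} may not upload files")
    target = safe_target(upload_dir, client_filename)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Constructed app tree: lib/Example.pm stands in for a loaded Perl module."""
    results = {}
    with tempfile.TemporaryDirectory() as app:
        lib = os.path.join(app, "lib")
        uploads = os.path.join(app, "uploads")
        os.makedirs(lib)
        os.makedirs(uploads)
        module = os.path.join(lib, "Example.pm")
        original = "package Example; 1;\n"
        with open(module, "w") as fh:
            fh.write(original)

        payload = "../lib/Example.pm"  # constructed traversal filename

        # Vulnerable join: the "upload" path is exactly the module path.
        results["unsafe_hits_module"] = unsafe_target(uploads, payload) == module

        # Hardened join: traversal is rejected before any filesystem access.
        try:
            safe_target(uploads, payload)
            results["safe_rejects_traversal"] = False
        except ValueError:
            results["safe_rejects_traversal"] = True

        # A legitimate name stays under uploads/ (realpath on both sides so a
        # symlinked temp directory such as /var -> /private/var compares equal).
        results["safe_stays_in_uploads"] = safe_target(uploads, "report.csv") == os.path.join(
            os.path.realpath(uploads), "report.csv")

        # Read-only role is denied the write path entirely.
        try:
            handle_upload("readonly", uploads, "report.csv", b"data")
            results["readonly_denied"] = False
        except PermissionError:
            results["readonly_denied"] = True

        # Permitted role writes, and the module is never touched.
        results["admin_writes"] = os.path.isfile(handle_upload("admin", uploads, "report.csv", b"data"))
        with open(module) as fh:
            results["module_intact"] = fh.read() == original
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The containment check after `realpath` is deliberately kept even though the allowlist already excludes separators: it is the control that survives a later refactor of the filename rules, and it also rejects a symlink an attacker managed to drop into the upload directory. Denying the write to the read-only role before any path handling is what AC-6 buys you; the traversal becomes unreachable rather than merely blocked.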
