
CVE-2025-54769: CWE-24 Path Traversal: '../filedir' in Xorux LPAR2RRD

Severity: High
Type: Vulnerability
Tags: CVE-2025-54769, cve, cve-2025-54769, cwe-24, cwe-434, cwe-648
Published: Mon Jul 28 2025 (07/28/2025, 23:34:38 UTC)
Source: CVE Database V5
Vendor/Project: Xorux
Product: LPAR2RRD

Description

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.

AI-Powered Analysis

Last updated: 11/04/2025, 01:42:06 UTC

Technical Analysis

CVE-2025-54769 is a path traversal vulnerability identified in Xorux's LPAR2RRD product, specifically version 8.04. The flaw allows an authenticated user with read-only privileges to upload a file and manipulate the file path using directory traversal sequences (e.g., '../filedir'), thereby placing the uploaded file outside the intended directory. This improper sanitization of file paths enables the attacker to overwrite critical PERL modules used by the application. Overwriting these modules can lead to remote code execution (RCE), granting the attacker the ability to execute arbitrary code on the server hosting LPAR2RRD. The vulnerability requires authentication but no user interaction beyond the file upload. The CVSS v3.1 score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction needed. Although no public exploits have been reported yet, the vulnerability's nature makes it a prime candidate for exploitation, especially in environments where LPAR2RRD is used for monitoring IBM Power Systems. The vulnerability is linked to CWE-24 (Path Traversal), CWE-434 (Unrestricted Upload of File with Dangerous Type), and CWE-648 (Incorrect Permission Assignment for Critical Resource). No official patches have been released at the time of publication, increasing the urgency for mitigation.
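The flaw class described above, shown as an added Python sketch rather than LPAR2RRD's own code (which is Perl): an unchecked join of a client-supplied file name beside a destination check that refuses traversal, loadable Perl file types and symlink escapes. The directory layout, file names and extension deny-list are assumptions made for the example.

```python
import os
import tempfile

# Assumed deny-list for this sketch: code types a Perl application would load.
BLOCKED_EXTENSIONS = {".pm", ".pl", ".cgi"}

def naive_destination(upload_dir, client_name):
    """Flawed pattern: the client-supplied name is joined without checks."""
    return os.path.normpath(os.path.join(upload_dir, client_name))

def safe_destination(upload_dir, client_name):
    """Return a destination inside upload_dir or raise ValueError."""
    # A plain file name has no separators, no NUL, and is not a dot entry.
    if any(c in client_name for c in ("/", "\\", "\x00")):
        raise ValueError("name contains a path separator or NUL")
    if client_name in ("", ".", ".."):
        raise ValueError("empty or dot name")
    if os.path.splitext(client_name)[1].lower() in BLOCKED_EXTENSIONS:
        raise ValueError("file type not allowed")
    base = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(base, client_name))
    # realpath follows symlinks, so a link inside the upload dir cannot escape.
    if os.path.commonpath([base, dest]) != base:
        raise ValueError("destination escapes the upload directory")
    return dest

def is_rejected(upload_dir, client_name):
    try:
        safe_destination(upload_dir, client_name)
        return False
    except ValueError:
        return True

def demo():
    """Run constructed names through both functions in a temporary tree."""
    with tempfile.TemporaryDirectory() as root:
        upload = os.path.join(root, "upload")
        os.makedirs(upload)
        os.symlink(os.path.join(root, "lib"), os.path.join(upload, "link"))
        return {
            "naive_escapes": naive_destination(upload, "../lib/Example.pm")
                             == os.path.join(root, "lib", "Example.pm"),
            "traversal": is_rejected(upload, "../lib/Example.pm"),
            "perl_module": is_rejected(upload, "Example.pm"),
            "symlink": is_rejected(upload, "link"),
            "plain_ok": not is_rejected(upload, "report.csv"),
        }
```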

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on LPAR2RRD to monitor IBM Power Systems infrastructure. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary code, potentially leading to data breaches, disruption of monitoring services, and lateral movement within networks. The compromise of monitoring tools can also obscure attacker activities, delaying detection and response. Critical sectors such as finance, telecommunications, energy, and government agencies that use IBM Power Systems and LPAR2RRD for capacity planning and performance monitoring are particularly vulnerable. The ability to execute code remotely without elevated privileges or user interaction increases the threat level. Additionally, the overwriting of PERL modules could allow persistent backdoors or manipulation of monitoring data, impacting operational integrity and availability of services.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement immediate compensating controls. These include restricting file upload capabilities strictly to trusted users and limiting the directories where files can be uploaded through filesystem permissions and application configuration. Employ application-layer filtering to sanitize and validate file paths rigorously, preventing directory traversal sequences. Monitor file system integrity for unexpected changes to PERL modules or other critical application files using file integrity monitoring tools. Isolate LPAR2RRD instances within segmented network zones to limit lateral movement if compromised. Employ strict authentication and access controls, including multi-factor authentication for all users with upload privileges. Regularly audit logs for suspicious upload activities and anomalous application behavior. Engage with Xorux for updates and patches, and plan for rapid deployment once available. Consider deploying web application firewalls (WAFs) with custom rules to detect and block directory traversal attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: KoreLogic
Date Reserved: 2025-07-28T16:02:18.186Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68880c1bad5a09ad008855e6

Added to database: 7/28/2025, 11:47:39 PM

Last enriched: 11/4/2025, 1:42:06 AM

Last updated: 12/14/2025, 2:36:53 AM
