CVE-2025-7766

HIGH

8.0

Beschreibung

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

CVE Details

CVSS v3.1 Bewertung8.0

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AngriffsvektorADJACENT_NETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht7/22/2025

Zuletzt geandert7/25/2025

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-611

Referenzen

https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPM(ics-cert@hq.dhs.gov)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-02(ics-cert@hq.dhs.gov)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.