CVE-2025-7766

HIGH

8.0

Description

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

CVE Details

CVSS v3.1 Score8.0

SeverityHIGH

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published7/22/2025

Last Modified7/25/2025

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-611

References

https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPM(ics-cert@hq.dhs.gov)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-02(ics-cert@hq.dhs.gov)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.