CVE-2025-7766

HIGH

8.0

Description

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

Details CVE

Score CVSS v3.18.0

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueADJACENT_NETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie7/22/2025

Derniere modification7/25/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-611

References

https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPM(ics-cert@hq.dhs.gov)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-02(ics-cert@hq.dhs.gov)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.