Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference

8.6 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Description

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

Basic Information

ID CVE-2025-7766

Source icscert

Published Jul 22, 2025 at 21:44

Modified Jul 23, 2025 at 19:57

Affected Product

Vendor Lantronix

Product Provisioning Manager

Affected Versions Lantronix Provisioning Manager 0

CWE Classification

CWE-611

References

{
    "lastseen": "",
    "description": "Lantronix\u00a0Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.",
    "published": "2025-07-22T21:44:10.227Z",
    "modified": "2025-07-23T19:57:57.931Z",
    "type": "cve",
    "title": "Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-02\nhttps://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPM",
    "id": "CVE-2025-7766",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611"
    ],
    "cvelist": null,
    "sourceData": "Lantronix Provisioning Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Provisioning Manager",
    "version": "0",
    "vendor": "Lantronix",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference_CVE-2025-7766