Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference...

Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference

July 22, 2025 invoker category_cve

CVE Details

Basic Information

Title	Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference
Type	cve
Published	2025-07-22T21:44:10.227Z
Modified	2025-07-22T21:44:10.227Z

Product Information

Vendor	Lantronix
Product	Provisioning Manager
Version	0

CVSS Information

Base Score	8.6 (HIGH)
Attack Vector	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Products

Lantronix Provisioning Manager 0

Additional Information

CWE List	CWE-611
Source	icscert

Description

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-02
https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPM

View Full CVE Details