← back
CVE-2025-7766

Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference

CVSS 8.6 HIGHEPSS 1.7%CWE-611
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Affected products
Lantronix · Provisioning Manager
public PoCs found2
githubgithub.com/byteReaper77/CVE-2025-77661exploitdbwww.exploit-db.com/exploits/52417unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPMhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-203-02