CVE-2025-7766

Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference

CVSS 8.6 HIGHEPSS 1.7%CWE-611

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Productos afectados

Lantronix · Provisioning Manager

PoCs públicas encontradas — 2

githubgithub.com/byteReaper77/CVE-2025-7766★ 1 exploitdbwww.exploit-db.com/exploits/52417no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/105906637/Latest+Version+of+Lantronix+Provisioning+Manager+LPM https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-02