CVE-2025-7766
Published: 2025-07-22
Priority: P3 | 56 | high | 8 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 1.67% (73.8th percentile)
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lantronix | provisioning_manager | <= 7.10.2 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.6 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-4j9m-f26m-gcf5 (ghsa_unreviewed · 2025-07-23)
CVE-2025-7766 [HIGH] CWE-611
CISA ICS
Lantronix Provisioning Manager
cisa_ics·2025-07-22·CVSS 8.0
[HIGH] Lantronix Provisioning Manager
ICS Advisory
## Lantronix Provisioning Manager
Release Date: July 22, 2025
Alert Code: ICSA-25-203-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Low attack complexity
- Vendor: Lantronix
- Equipment: Provisioning Manager
- Vulnerability: Improper Restriction of XML External Entity Reference
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Lantronix products are affected:
- Provisioning Manager: Versions 7.10.2 and prior
## 3.2 Vulnerability Overview
## 3.2.1 I