CVE-2025-7766

HIGH

Lantronix Provisioning Manager - RCE

Title source: llm

Description

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

Exploits (2)

exploitdb WORKING POC
by Byte Reaper · c · webapps · multiple
https://www.exploit-db.com/exploits/52417
nomisec WORKING POC 1 star
by byteReaper77 · poc
https://github.com/byteReaper77/CVE-2025-7766

Scores

CVSS v3 8.0
EPSS 0.0030
EPSS Percentile 53.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-611
Status published
Products (1)
Lantronix/Provisioning Manager < 7.10.2
Published Jul 22, 2025
Tracked Since Feb 18, 2026