CVE-2025-7766
Severity CVSS v4.0:
HIGH
Type:
CWE-611
Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
22/07/2025
Last modified:
25/07/2025
Description
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.
Impact
Base Score 4.0
8.60
Severity 4.0
HIGH
Base Score 3.x
8.00
Severity 3.x
HIGH