PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-7766 Lantronix CVE debrief

CVE-2025-7766 affects Lantronix Provisioning Manager and is described by CISA as an XML External Entity (XXE) issue in configuration files supplied by network devices. The advisory says the flaw can lead to unauthenticated remote code execution on hosts with Provisioning Manager installed, and Lantronix recommends upgrading to version 7.10.4 or later.

Vendor
Lantronix
Product
Provisioning Manager
CVSS v3.1
8.0 (High)
CISA KEV
Not listed in stored evidence
Original CVE published
2025-07-22
Original CVE updated
2025-07-22
Advisory published
2025-07-22
Advisory updated
2025-07-22

Who should care

Organizations running Lantronix Provisioning Manager, especially in OT or industrial environments that ingest configuration files from network devices. Administrators responsible for software inventory, patching, and change windows should prioritize affected installations.

Technical summary

The supplied CISA CSAF advisory identifies Lantronix Provisioning Manager versions <=7.10.2 as affected by an XXE vulnerability involving configuration files supplied by network devices. The advisory states this can result in unauthenticated remote code execution on hosts with the product installed. CISA lists the issue with CVSS v3.1 vector AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and a score of 8.0 (High). Read literally, the vector says the attacker needs no privileges (PR:N) but must be on an adjacent network (AV:A) and some user interaction is required (UI:R); in practice that points at a device, or something impersonating one, on the provisioning network handing the manager a crafted configuration file that an operator then loads or accepts. The advisory does not publish the parser details or a proof of concept, so the exact trigger path is not known from the stored evidence.
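The advisory names the bug class (XXE in device-supplied configuration files) without describing Lantronix's parser, so the following is an added illustration and not Lantronix code: a small XML configuration loader built on Python's standard expat binding, first in the vulnerable shape (an entity resolver that follows `SYSTEM` identifiers and so reads arbitrary local files into the parsed document), then hardened so that any DOCTYPE is rejected before a single entity can be declared. The `<device>`/`<name>`/`<note>` element layout, the secret file and the hostile configuration are all constructed for the demo; they are not the real Provisioning Manager format.

```python
"""Added example (not Lantronix code): XXE via a device-supplied config file.

parse_device_config(..., allow_dtd=True)  behaves like a parser that resolves
                                          external entities (vulnerable).
parse_device_config(..., allow_dtd=False) refuses any DTD up front (hardened).
"""
import os
import pathlib
import tempfile
import xml.parsers.expat as expat
from urllib.parse import urlparse
from urllib.request import url2pathname


class DTDForbidden(Exception):
    """Raised by the hardened loader when a device-supplied file carries a DTD."""


def parse_device_config(data, allow_dtd):
    """Parse an XML config document into {"elem/path": text}.

    The element layout is a constructed stand-in for the real product format.
    """
    parser = expat.ParserCreate()
    parser.buffer_text = True          # deliver each text node as one chunk
    config, stack = {}, []

    def start(name, attrs):
        stack.append(name)
        config.setdefault("/".join(stack), "")

    def chars(text):
        config["/".join(stack)] += text

    def end(name):
        stack.pop()

    def forbid_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Hardened behaviour: no DOCTYPE means no entity declarations at all,
        # so neither external nor internal (billion-laughs style) entities
        # can be defined by the untrusted file.
        raise DTDForbidden(f"DTD '{doctype_name}' not allowed in device config")

    def follow_system_id(context, base, system_id, public_id):
        # Vulnerable behaviour: a file:// SYSTEM identifier from the untrusted
        # document is opened on the local disk and its contents are spliced in
        # where the entity is referenced. Returning 1 tells expat the
        # reference was handled.
        path = url2pathname(urlparse(system_id).path)
        with open(path, "rb") as fh:
            payload = fh.read()
        child = parser.ExternalEntityParserCreate(context)  # inherits handlers
        child.Parse(payload, True)
        return 1

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    if allow_dtd:
        parser.ExternalEntityRefHandler = follow_system_id
    else:
        parser.StartDoctypeDeclHandler = forbid_doctype
    parser.Parse(data, True)
    return {path: text.strip() for path, text in config.items()}


def demo_xxe():
    """Constructed scenario: a 'device' config whose entity points at a local secret.

    Returns (text the vulnerable loader leaked, whether the hardened loader blocked it).
    """
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("db-password=constructed-example\n")   # constructed secret

        hostile_config = f"""<?xml version="1.0"?>
<!DOCTYPE device [
  <!ENTITY leak SYSTEM "{pathlib.Path(secret).as_uri()}">
]>
<device>
  <name>switch-01</name>
  <note>&leak;</note>
</device>
"""
        leaked = parse_device_config(hostile_config, allow_dtd=True)["device/note"]
        try:
            parse_device_config(hostile_config, allow_dtd=False)
            blocked = False
        except DTDForbidden:
            blocked = True
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo_xxe()
    print("vulnerable loader returned:", leaked)
    print("hardened loader rejected the file:", blocked)
```

Rejecting the DOCTYPE outright, rather than trying to filter individual entity declarations, is the usual hardening because configuration formats rarely need a DTD and the whitelist is then trivially "none". Where a product really must accept DTDs, the resolver must refuse to follow `SYSTEM` and `PUBLIC` identifiers and must cap entity expansion, which is considerably harder to get right.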

Defensive priority

High. The advisory describes a path to remote code execution and identifies a fixed release, so affected deployments should be treated as urgent patch candidates.

Recommended defensive actions

  • Upgrade Lantronix Provisioning Manager to version 7.10.4 or later, as recommended in the advisory.
  • Inventory all deployments to find versions <=7.10.2 and prioritize remediation for any active installations.
  • Until the upgrade lands, review the workflows that ingest device-supplied configuration files and restrict which devices and network segments can present them; the adjacent-network (AV:A) vector means the exposure is the provisioning network itself. Schedule the upgrade through normal maintenance and change-control processes.
  • Follow CISA ICS recommended practices and defense-in-depth guidance for industrial control system environments.
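A small added helper (not a Lantronix or CISA tool) for the inventory step above: it classifies a discovered Provisioning Manager version string against the advisory's affected range (<=7.10.2) and fixed release (7.10.4). It exists mainly to avoid the classic pitfall of comparing versions as strings, where "7.9.0" sorts after "7.10.2", and to make explicit that the advisory says nothing about 7.10.3, so such a build should be escalated rather than assumed safe. The host inventory is constructed sample data.

```python
"""Added example: triage inventoried versions against ICSA-25-203-02's ranges."""

LAST_AFFECTED = (7, 10, 2)   # advisory: versions <=7.10.2 are affected
FIXED = (7, 10, 4)           # advisory: update to v7.10.4 or later


def parse_version(text):
    """'7.10.2' -> (7, 10, 2). Numeric tuples compare correctly, strings do not:
    '7.9.0' > '7.10.2' as text because '9' > '1'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not parts:
        raise ValueError(f"empty version string: {text!r}")
    return parts


def triage(version):
    """Return 'affected', 'fixed', or 'unconfirmed' for a version string."""
    v = parse_version(version)
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIXED:
        return "fixed"
    return "unconfirmed"     # e.g. 7.10.3: not in either range the advisory names


def triage_inventory(hosts):
    """hosts: iterable of (hostname, version) -> list of (hostname, version, status),
    affected hosts first so they land at the top of the remediation queue."""
    order = {"affected": 0, "unconfirmed": 1, "fixed": 2}
    rows = [(h, ver, triage(ver)) for h, ver in hosts]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


if __name__ == "__main__":
    sample_inventory = [            # constructed sample data
        ("pm-lab-01", "7.10.4"),
        ("pm-plant-a", "7.9.0"),
        ("pm-plant-b", "7.10.2"),
        ("pm-staging", "7.10.3"),
    ]
    for host, ver, status in triage_inventory(sample_inventory):
        print(f"{host:12} {ver:8} {status}")
```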

Evidence notes

CISA's advisory ICSA-25-203-02, published on 2025-07-22, states that Lantronix Provisioning Manager <=7.10.2 is affected by an XXE issue and that the result can be unauthenticated remote code execution. The advisory's remediation section recommends updating to v7.10.4 or later. The supplied CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (8.0 High).

Official resources

Initial public disclosure in the supplied source is 2025-07-22T06:00:00Z, when CISA published ICSA-25-203-02 for CVE-2025-7766.