PatchSiren

Lantronix CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Lantronix CVE published 2025-07-22

CVE-2025-7766

CVE-2025-7766 affects Lantronix Provisioning Manager and is described by CISA as an XML External Entity (XXE) issue in configuration files supplied by network devices. The advisory says the flaw can lead to unauthenticated remote code execution on hosts with Provisioning Manager installed, and Lantronix recommends upgrading to version 7.10.4 or later.

CRITICAL Lantronix CVE published 2025-04-15

CVE-2025-2567

CVE-2025-2567 is a critical Lantronix XPort vulnerability that CISA says can let an attacker modify or disable device settings, disrupt fuel monitoring and supply chain operations, and potentially disable ATG monitoring. The advisory assigns a CVSS 3.1 score of 9.8 and identifies affected XPort firmware in the range >=6.5.0.7 and <7.0.0.3. Lantronix’s remediation includes firmware v8.0.0.0, and the vendor [truncated]