CVE-2025-7766 affects Lantronix Provisioning Manager and is described by CISA as an XML External Entity (XXE) issue in configuration files supplied by network devices. The advisory says the flaw can lead to unauthenticated remote code execution on hosts with Provisioning Manager installed, and Lantronix recommends upgrading to version 7.10.4 or later.
CVE-2025-2567 is a critical Lantronix XPort vulnerability that CISA says can let an attacker modify or disable device settings, disrupt fuel monitoring and supply chain operations, and potentially disable ATG monitoring. The advisory assigns a CVSS 3.1 score of 9.8 and identifies affected XPort firmware in the range >=6.5.0.7 and <7.0.0.3. Lantronix’s remediation includes firmware v8.0.0.0, and the vendor [truncated]
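An inventory triage against the version facts in both paragraphs above, added here as an example and not taken from CISA or Lantronix. The product labels, asset names and inventory rows are constructed, and treating every Provisioning Manager release below 7.10.4 as needing the upgrade is an assumption drawn from the vendor recommendation. Versions are compared numerically per component, because a string comparison would misplace 6.10.0.1 and 7.9.12.

```python
import re

def parse_version(text):
    """'v7.10.4' -> (7, 10, 4); ValueError if not dotted integers."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def older(a, b):
    """Numeric a < b, padding the shorter tuple with zeros (7.10 == 7.10.0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

# Version facts taken from the advisory text above.
XPORT_AFFECTED_FROM = parse_version("6.5.0.7")   # inclusive lower bound
XPORT_AFFECTED_BELOW = parse_version("7.0.0.3")  # exclusive upper bound
PM_RECOMMENDED = parse_version("7.10.4")

def triage(product, version):
    """Product keys 'xport' and 'provisioning-manager' are assumed inventory labels."""
    try:
        v = parse_version(version)
    except ValueError:
        return "review: version not parseable"
    if product == "xport":
        if not older(v, XPORT_AFFECTED_FROM) and older(v, XPORT_AFFECTED_BELOW):
            return "affected: CVE-2025-2567"
        return "outside listed range"
    if product == "provisioning-manager":
        # Assumption: anything below the recommended release needs the upgrade.
        if older(v, PM_RECOMMENDED):
            return "upgrade: CVE-2025-7766"
        return "at or above 7.10.4"
    return "review: unknown product"

# Constructed inventory rows (asset, product, version); not real devices.
INVENTORY = [
    ("fuel-gw-01", "xport", "6.5.0.7"),
    ("fuel-gw-02", "xport", "7.0.0.3"),
    ("fuel-gw-03", "xport", "6.10.0.1"),
    ("prov-01", "provisioning-manager", "7.9.12"),
    ("prov-02", "provisioning-manager", "v7.10.4"),
    ("lab-07", "xport", "unknown"),
]

def report(rows=INVENTORY):
    return [(asset, triage(product, version)) for asset, product, version in rows]

if __name__ == "__main__":
    for asset, verdict in report():
        print(f"{asset:12} {verdict}")
```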