Lantronix XPort (Update A)
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-105-05 | Apr 15, 2025
Lantronix
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Lantronix XPort firmware versions 6.5.0.7 through 7.0.0.2 contain a missing authentication vulnerability (CWE-306) in the configuration interface. Successful exploitation allows an attacker to gain unauthorized access to the configuration interface without a password, potentially causing disruption to monitoring and operational systems. Firmware version 8.0.0.0 or later fixes this issue.
What this means
What could happen
An attacker could gain unauthorized access to the XPort configuration interface without authentication, allowing them to change device settings, disable monitoring, or disrupt the operations this device supports in your network.
Who's at risk
Organizations that deploy Lantronix XPort devices for monitoring or remote management of industrial equipment. This includes water authorities, electric utilities, and other critical infrastructure operators that use XPort for device access, alarm monitoring, or configuration management.
How it could be exploited
An attacker on the network (or from the internet if the XPort is reachable externally) sends requests to the configuration interface. Because there is no authentication check (CWE-306), the attacker gains access to administrative functions without a password or credentials. From there, they can modify settings or shut down the device.
Prerequisites
- Network access to the XPort configuration interface (typically HTTP/HTTPS port)
- No authentication required—the vulnerability allows unauthenticated access
remotely exploitable | no authentication required | low complexity | critical CVSS score (9.8)
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product: XPort
Affected Versions: ≥ 6.5.0.7, < 7.0.0.3
Fix Status: 8.0.0.0
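To triage an asset inventory against the version bounds listed above, the following is an added example (not code from the advisory or from Lantronix). The CSV column names `asset` and `firmware`, the sample rows, and the status labels are assumptions made for illustration; versions outside the stated affected range but older than the fixed release are reported as `unlisted` rather than assumed safe.

```python
import csv
import io

# Version bounds taken from the advisory's affected-products entry.
AFFECTED_MIN = (6, 5, 0, 7)    # first affected release (inclusive)
AFFECTED_END = (7, 0, 0, 3)    # affected range ends before this release
FIXED_MIN = (8, 0, 0, 0)       # first release listed as fixed


def parse_version(text):
    """Parse a four-part dotted firmware version into a tuple of ints, or None."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Map a firmware version string to a triage status (labels are hypothetical)."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"        # unreadable inventory data: verify on the device
    if AFFECTED_MIN <= version < AFFECTED_END:
        return "affected"
    if version >= FIXED_MIN:
        return "fixed"
    return "unlisted"           # outside the stated range but older than the fix


def triage(inventory_csv):
    """Return (asset, firmware, status) rows, most urgent first."""
    order = {"affected": 0, "unknown": 1, "unlisted": 2, "fixed": 3}
    rows = [(r["asset"], r["firmware"], classify(r["firmware"]))
            for r in csv.DictReader(io.StringIO(inventory_csv))]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed sample inventory (asset names and versions are made up).
SAMPLE_INVENTORY = """asset,firmware
pump-station-01,6.5.0.7
substation-gw-02,7.0.0.2
rtu-bridge-03,7.0.0.3
alarm-panel-04,8.0.0.0
legacy-serial-05,6.1.0.0
tank-monitor-06,v6.7
"""

if __name__ == "__main__":
    for asset, firmware, status in triage(SAMPLE_INVENTORY):
        print(f"{status:9} {asset:18} {firmware}")
```

Versions are compared as integer tuples, so a release such as 6.10.0.0 sorts after 6.5.0.7 instead of before it as a string comparison would.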
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the XPort configuration interface using firewall rules—only allow connections from trusted engineering workstations or management networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update XPort firmware to version 8.0.0.0 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate the XPort and its management network from the general business network and the internet
HARDENING: If remote access to XPort is required, use a VPN or jump server behind a firewall rather than exposing the device directly to the internet
CVEs (1)