Lantronix Provisioning Manager

Plan Patch | CVSS 8 | ICS-CERT ICSA-25-203-02 | Jul 22, 2025
Lantronix
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Lantronix Provisioning Manager versions 7.10.2 and earlier contain an XML external entity (XXE) injection vulnerability that could allow an attacker to perform a cross-site scripting attack and achieve remote code execution. The vulnerability is triggered through a malicious input in a web interface form field. When an authenticated administrator visits the compromised page, the injected script executes with administrative privileges, potentially allowing the attacker to modify device configurations or execute arbitrary commands on provisioned devices.

What this means
What could happen
An attacker could execute arbitrary code on the Provisioning Manager through a cross-site scripting vulnerability, potentially allowing unauthorized control over device provisioning and configuration management across your network.
Who's at risk
Water authorities and electric utilities using Lantronix Provisioning Manager for network device management and configuration. This affects anyone managing Lantronix-provisioned equipment (serial device servers, terminal servers, console servers) where the Manager handles device provisioning, configuration delivery, and lifecycle management.
How it could be exploited
An attacker with network access to the Provisioning Manager web interface could inject malicious JavaScript code through a vulnerable input field. When an administrator accesses the affected page in a browser, the injected script executes with the administrator's privileges, allowing the attacker to perform actions like changing device configurations or executing arbitrary commands on provisioned devices.
Prerequisites
  • Network access to Provisioning Manager web interface (typically port 80/443)
  • User interaction required: an administrator must visit the compromised page in a web browser
remotely exploitable | user interaction required | low complexity | affects device provisioning and configuration control
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (1)
Product | Affected Versions | Fix Status
Provisioning Manager: <=7.10.2 | ≤ 7.10.2 | 7.10.4+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Provisioning Manager web interface to authorized personnel only using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Lantronix Provisioning Manager to version 7.10.4 or later
Long-term hardening
HARDENING: Isolate the Provisioning Manager from the Internet and place it behind a firewall with strict access controls
HARDENING: If remote access to Provisioning Manager is required, require use of a VPN and ensure the VPN is updated to the latest version