Missing Authentication for Critical Function in Lantronix Xport

Published: 2025-04-23

Risk	High
Patch available	NO
Number of vulnerabilities	1
CVE-ID	CVE-2025-2567
CWE-ID	CWE-306
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Xport Hardware solutions / Firmware
Vendor	Lantronix

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Missing Authentication for Critical Function

EUVDB-ID: #VU107861

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-2567

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing authentication for critical function. A remote attacker can disable the ATG monitoring, leading to potential safety hazards in fuel storage and transportation.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Xport: - - 7.0.0.3

CPE2.3

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.