SB2025042320 - Missing Authentication for Critical Function in Lantronix Xport

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025042320

SB2025042320 - Missing Authentication for Critical Function in Lantronix Xport

Published: April 23, 2025

Security Bulletin ID SB2025042320
CSH Severity
High
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2025-2567)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing authentication for critical function. A remote attacker can disable the ATG monitoring, leading to potential safety hazards in fuel storage and transportation.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References