Main Vulnerability Database Vulnerabilities #VU107861

#VU107861 Missing Authentication for Critical Function in Xport - CVE-2025-2567

Published: April 23, 2025

Vulnerability identifier: #VU107861

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-2567

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Xport

Software vendor:
Lantronix

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing authentication for critical function. A remote attacker can disable the ATG monitoring, leading to potential safety hazards in fuel storage and transportation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05

#VU107861 Missing Authentication for Critical Function in Xport - CVE-2025-2567

Description

Remediation

External links

Please verify you're human