PT-2025-22568 · Lantronix · Lantronix Device Installer

Published 2025-05-22 · Updated 2025-05-22 · CVE-2025-4338

CVSS v3.1: 6.8 Medium

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Lantronix Device Installer (affected versions not specified)

Description

The issue concerns XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. Additionally, an attacker may gain access to the host running the Device Installer software or the password hash of the user running the application.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

CVE-2025-4338

Affected Products

Lantronix Device Installer