CVE-2025-2567: Lantronix Xport Missing Authentication for Critical Function

9.8 CVSS

Description

An attacker could modify or disable settings, disrupt fuel monitoring
and supply chain operations, leading to disabling of ATG monitoring.
This would result in potential safety hazards in fuel storage and
transportation.

Classification

CVE ID: CVE-2025-2567

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-306

Affected Products

Vendor: Lantronix

Product: Xport

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.19% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2567
https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05

Timeline

2025-04-15 16:00:39 UTC
All CISA Advisories

Lantronix Xport
2025-04-15 20:40:14 UTC
CVE

Lantronix Xport Missing Authentication for Critical Function