Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-4338

Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device Installer software or the password hash of the user running the application.

Published: May 22, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-4338
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

No affected software listed.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo