CVE-2025-4338

MEDIUM Year: 2025
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device Installer software or the password hash of the user running the application.

Related Vulnerabilities

CVE-2025-25036

MEDIUM
CVSS:6.8(Medium)

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 (SP8).

CWE-6112025

CVE-2017-7907

MEDIUM
CVSS:6.6(Medium)

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML...

CWE-6112017

CVE-2024-22354

HIGH
CVSS:7.0(High)

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML dat...

CWE-6112024

CVE-2025-32138

MEDIUM
CVSS:6.6(Medium)

Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17.

CWE-6112025

CVE-2011-4107

MEDIUM
CVSS:6.5(Medium)

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary...

CWE-6112011

CVE-2012-0037

MEDIUM
CVSS:6.5(Medium)

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read ...

CWE-6112012