CVE-2025-2567 - Vulnerability Details - OpenCVE

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05

History

Tue, 15 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation.
Title		Lantronix Xport Missing Authentication for Critical Function
Weaknesses		CWE-306
References		https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-04-15T19:59:32.609Z

Updated: 2025-04-15T20:09:58.788Z

Reserved: 2025-03-20T16:56:22.565Z

Link: CVE-2025-2567

Vulnrichment

Updated: 2025-04-15T20:09:53.838Z

NVD

Status : Awaiting Analysis

Published: 2025-04-15T20:15:38.990

Modified: 2025-04-16T13:25:59.640

Link: CVE-2025-2567

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2567", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-03-20T16:56:22.565Z", "datePublished": "2025-04-15T19:59:32.609Z", "dateUpdated": "2025-04-15T20:09:58.788Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Xport", "vendor": "Lantronix", "versions": [{"lessThanOrEqual": "7.0.0.3", "status": "affected", "version": "6.5.0.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Souvik Kandar from Microsec(microsec.io) reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An attacker could modify or disable settings, disrupt fuel monitoring \nand supply chain operations, leading to disabling of ATG monitoring. \nThis would result in potential safety hazards in fuel storage and \ntransportation."}], "value": "An attacker could modify or disable settings, disrupt fuel monitoring \nand supply chain operations, leading to disabling of ATG monitoring. \nThis would result in potential safety hazards in fuel storage and \ntransportation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-15T19:59:32.609Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05"}], "source": {"advisory": "ICSA-25-105-05", "discovery": "EXTERNAL"}, "title": "Lantronix Xport Missing Authentication for Critical Function", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lantronix recommends users upgrade to their Xport Edge product, which \nbrings in more cutting edge security suite. Xport edge is not affected \nby these vulnerabilities. Users should contact Lantronix directly for \nassistance.\n\n<br>"}], "value": "Lantronix recommends users upgrade to their Xport Edge product, which \nbrings in more cutting edge security suite. Xport edge is not affected \nby these vulnerabilities. Users should contact Lantronix directly for \nassistance."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T20:09:34.571034Z", "id": "CVE-2025-2567", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T20:09:58.788Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2567", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-15T20:09:34.571034Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T20:09:53.838Z"}}], "cna": {"title": "Lantronix Xport Missing Authentication for Critical Function", "source": {"advisory": "ICSA-25-105-05", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Souvik Kandar from Microsec(microsec.io) reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lantronix", "product": "Xport", "versions": [{"status": "affected", "version": "6.5.0.7", "versionType": "custom", "lessThanOrEqual": "7.0.0.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05"}], "workarounds": [{"lang": "en", "value": "Lantronix recommends users upgrade to their Xport Edge product, which \nbrings in more cutting edge security suite. Xport edge is not affected \nby these vulnerabilities. Users should contact Lantronix directly for \nassistance.", "supportingMedia": [{"type": "text/html", "value": "Lantronix recommends users upgrade to their Xport Edge product, which \nbrings in more cutting edge security suite. Xport edge is not affected \nby these vulnerabilities. Users should contact Lantronix directly for \nassistance.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An attacker could modify or disable settings, disrupt fuel monitoring \nand supply chain operations, leading to disabling of ATG monitoring. \nThis would result in potential safety hazards in fuel storage and \ntransportation.", "supportingMedia": [{"type": "text/html", "value": "An attacker could modify or disable settings, disrupt fuel monitoring \nand supply chain operations, leading to disabling of ATG monitoring. \nThis would result in potential safety hazards in fuel storage and \ntransportation.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-15T19:59:32.609Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2567", "state": "PUBLISHED", "dateUpdated": "2025-04-15T20:09:58.788Z", "dateReserved": "2025-03-20T16:56:22.565Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-04-15T19:59:32.609Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker could modify or disable settings, disrupt fuel monitoring \nand supply chain operations, leading to disabling of ATG monitoring. \nThis would result in potential safety hazards in fuel storage and \ntransportation."}, {"lang": "es", "value": "Un atacante podr\u00eda modificar o deshabilitar la configuraci\u00f3n, interrumpir el monitoreo de combustible y las operaciones de la cadena de suministro, lo que provocar\u00eda la desactivaci\u00f3n del monitoreo de ATG. Esto podr\u00eda generar riesgos de seguridad en el almacenamiento y transporte de combustible."}], "id": "CVE-2025-2567", "lastModified": "2025-04-16T13:25:59.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-04-15T20:15:38.990", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}