Remote Code Execution Vulnerability in Lantronix EDS5000 Product
CVE-2025-67038

9.8 CRITICAL

Key Information:

Vendor: Lantronix

Status
Vendor
CVE Published: 11 March 2026

Badges

👾 Exploit Exists | 🟡 Public PoC | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-67038?

A command injection vulnerability has been identified in the Lantronix EDS5000 product version 2.1.0.0R3. The flaw is in the HTTP RPC module, which improperly handles the logging of user authentication failures. Specifically, the module executes shell commands using a username that is directly concatenated to the command without proper validation or sanitization. As a result, attackers can inject arbitrary operating system commands that execute with root privileges, leading to potential unauthorized access and control over the system.
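
The pattern described above, as an added example that is not Lantronix code and not part of the original page: a username pasted into a shell command line, next to a hardened form that allowlists the name and logs through syslog(3) with no shell involved. The `logger` command line, the function names and the sample usernames are constructed for illustration; the page does not show the device's actual command.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define MAX_USER 32

/* "Before" pattern (hypothetical command line): the username becomes part
 * of text a shell would parse. The string is only built, never executed. */
int build_unsafe_cmd(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "logger -t httpd \"auth failure for %s\"", user);
}

/* Allowlist: 1..MAX_USER characters from [A-Za-z0-9._-]. Shell
 * metacharacters, whitespace and control bytes are all rejected. */
int username_is_safe(const char *user)
{
    size_t len = strlen(user);
    if (len == 0 || len > MAX_USER)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* "After" pattern: no shell and no child process. The name is passed as
 * data to syslog(3) through a fixed format string, and a name that fails
 * the allowlist is never echoed. Returns 1 if the name was logged as-is. */
int log_auth_failure(const char *user)
{
    if (!username_is_safe(user)) {
        syslog(LOG_AUTH | LOG_WARNING,
               "auth failure: rejected name (%zu bytes)", strlen(user));
        return 0;
    }
    syslog(LOG_AUTH | LOG_WARNING, "auth failure user=%s", user);
    return 1;
}
```

A rejected-name log entry with an unusual byte count is also a useful detection signal for probing of the login endpoint.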

CISA has reported CVE-2025-67038

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-67038 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

CISA says CVE-2025-67038 in Lantronix EDS5000 devices is under active exploitation and urges federal agencies to patch by June 26, 2026.

19 hours ago

CISA warns of max severity Ubiquiti flaws exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers.

1 day ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 📰 First article discovered by BleepingComputer
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • Vulnerability published
  • Vulnerability Reserved