Securityboulevard • 1w
Critical OS Command Injection in Lantronix EDS5000 Series
CVE-2025-67038 is a critical OS command injection vulnerability affecting Lantronix EDS5000 series serial-to-Ethernet device servers. An unauthenticated remote attacker can achieve root-level system compromise by injecting arbitrary shell commands via the username parameter. With a CVSS score of 9.8 and confirmed active exploitation in the wild, the flaw enables full device takeover and potential lateral movement into sensitive industrial or management networks. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal remediation by June 26, 2026.
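An added example, not code from the article or from Lantronix: a small detector that flags login requests whose username parameter carries shell metacharacters, run over constructed sample log lines. The key=value log format, the field names and the sample lines are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Shell metacharacters and substitution syntax that have no place in a
# username. A username carrying any of these is the tell-tale sign of an
# attempt to break out of a command string built from that parameter.
SHELL_META = re.compile(r"[;&|`$<>\\\n]")

# Constructed sample lines in an assumed "key=value" access-log format;
# they are NOT real Lantronix EDS5000 logs.
SAMPLE_LOG = """\
2026-05-01T10:00:01Z src=10.0.0.5 path=/login user=admin status=200
2026-05-01T10:00:07Z src=10.0.0.9 path=/login user=ops_user status=401
2026-05-01T10:01:15Z src=198.51.100.23 path=/login user=x;id status=200
2026-05-01T10:01:16Z src=198.51.100.23 path=/login user=%24(whoami) status=200
"""

# Assumed line layout; adjust the pattern to the real log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) path=(?P<path>\S+) "
    r"user=(?P<user>\S*) status=(?P<status>\d+)$"
)


@dataclass
class Finding:
    timestamp: str
    src: str
    user: str  # decoded username as seen by the device


def is_suspicious_username(user: str) -> bool:
    # URL-decode first so percent-encoded metacharacters are not missed.
    return bool(SHELL_META.search(unquote(user)))


def scan_log(text: str) -> list[Finding]:
    """Return one Finding per login line whose username looks like an injection attempt."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("path") != "/login":
            continue
        if is_suspicious_username(m.group("user")):
            findings.append(Finding(m.group("ts"), m.group("src"), unquote(m.group("user"))))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.src} suspicious username parameter: {f.user!r}")
```

A hit is a trigger to check the device's firmware version against the vendor advisory and to review what the source address did next, not proof of compromise on its own.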