AI description
CVE-2025-67038 is an OS command injection vulnerability affecting Lantronix EDS5000 devices, specifically version 2.1.0.0R3. This flaw resides within the HTTP RPC module, which logs failed user authentication attempts by executing shell commands. The vulnerability arises because the username parameter is directly incorporated into these shell commands without proper sanitization, allowing an attacker to inject arbitrary operating system commands. Exploitation of CVE-2025-67038 does not require prior authentication and can be performed remotely over the network by leveraging intentionally failed login attempts. The injected commands execute with root privileges, enabling complete system compromise. Given that Lantronix EDS5000 devices are frequently deployed in industrial control system (ICS) environments for serial-to-Ethernet connectivity, a successful exploit could provide attackers with a foothold into operational technology (OT) networks. This vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation.
- Description
- An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- eds5032_firmware, eds5008_firmware, eds5016_firmware
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Lantronix EDS5000 Code Injection Vulnerability
- Exploit added on
- Jun 23, 2026
- Exploit action due
- Jun 26, 2026
- Required action
- Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-94
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
10
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(6/23追加) 🛡CVE-2025-67038 ✅概要 ・深刻度:緊急 9.8 (CVSS Base) / CISA-ADP ・種別:コード・インジェクション (CWE-94) ・CVSS:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
@piyokango
24 Jun 2026
3603 Impressions
1 Retweet
6 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-67038: Lantronix EDS5000 HTTP RPC module Command Execution Critical Vulnerability Alert! Lantronix is affected by CVE-2025-67038. Full Vulnerability Details & Analysis at DarkEye: 🔗 https://t.co/8CrY7rh8ah 🔍 Identify Targets via ZoomEye: Filter: https:
@zoomeye_team
24 Jun 2026
1056 Impressions
3 Retweets
6 Likes
3 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性4件をカタログに追加 CISA Adds Four Known Exploited Vulnerabilities to Catalog #CISA (Jun 23) CVE-2025-67038 Lantronix EDS5000のコードインジェクション脆弱性 CVE-2026-34908 Ubiquiti UniFi OSの不適切なアクセ
@foxbook
24 Jun 2026
216 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WARNING: Lantronix EDS5000 suffers critical code injection flaw CVE-2025-67038 allowing root-level OS command execution via username parameter. ⚡️ CISA added it to Known Exploited Vulnerabilities catalog with patch deadline June 26. Immediate mitigation required.
@ThreatPing
23 Jun 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、Lantronix EDS5000のCVE-2025-67038とUbiquiti UniFi OSのCVE-2026-34908~34910の4件を追加。対処期限はいずれも3日後の6/26。ランサム
@__kokumoto
23 Jun 2026
892 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CRITICAL: CVE-2025-67038 - Lantronix EDS5000 code injection flaw allows attackers to execute arbitrary OS commands as root via username parameter. CISA KEV listed. Patch immediately. #CVE #PatchNow https://t.co/focVviYfVg
@DFIR_Lab
23 Jun 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 4 new CISA KEV adds today CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2025-67038 https://t.co/0StDFCzdCI #boarnet #cybersecurity #cisakev #cve #threatintelligence #malware
@boarnetio
23 Jun 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-67038 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is d… https://t.co/40mJZpH0IG
@CVEnew
15 Mar 2026
194 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0r3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA9E944-25EA-44A8-97EB-EF962EC155EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04B4C755-3690-44B1-900A-71C5BEB4A1C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0r3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2F9C4B-D268-4A78-A563-BB0169D2AD28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B983DA3B-63DC-4981-A671-66A674234E80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0r3:*:*:*:*:*:*:*",
"matchCriteriaId": "A329F473-DB34-456E-B934-E47DCD7E2573",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86808903-C99D-4C74-A1D2-3E708B2074D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]