## Overview
CISA added CVE-2025-67038 to its Known Exploited Vulnerabilities (KEV) catalog on June 23, 2026. This addition indicates a federal deadline for remediation due to active exploitation. The vulnerability exists in the Lantronix EDS5000 version 2.1.0.0R3.
## Technical Details
The vulnerability arises from the HTTP RPC module, which executes a shell command to log failed authentication attempts. The username provided by the user is concatenated directly into the command without any sanitization. This flaw allows attackers to inject arbitrary OS commands through the username parameter. Once injected, these commands are executed with root privileges, posing a severe risk to system integrity.
## Impact
Exploitation of this vulnerability can lead to complete system compromise. Attackers can execute arbitrary commands with root access, potentially allowing them to manipulate system files, install malware, or exfiltrate sensitive data. The CVSS score of 9.8 highlights the critical nature of this vulnerability, making it essential for organizations to address it promptly.
## Mitigation
Organizations using the affected version of the Lantronix EDS5000 should apply patches provided by the vendor immediately. Additionally, it is advisable to review authentication logs for any suspicious activity and to implement network segmentation to limit exposure. Regular security assessments can help identify and mitigate potential vulnerabilities in the future.
CSURFACE Threat Sensor