Actively exploited in the wild
Lantronix EDS5000 Code Injection Vulnerability
Lantronix — EDS5000 · Listed in the CISA KEV since 2026-06-23. This indicates confirmed attacks in production environments.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CVE-2025-67038
Severity: Critical · CVSS 9.8 · KEV · Exploitation Probability (EPSS)
Elevated risk: 63rd percentile — higher than 63% of all known CVEs
Summary
An issue was discovered in Lantronix EDS5000 2.1.0.0R3 where the HTTP RPC module executes a shell command to write logs upon authentication failure. The username is directly concatenated with the command without sanitization, allowing attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
Risk Assessment
The risk for the organization includes complete takeover of the device by an unauthenticated attacker, potentially leading to network compromise, data leakage, or use of the device as an entry point for further attacks.
Recommendation
Immediately update the Lantronix EDS5000 firmware to the latest version that addresses this vulnerability. Until the update is applied, restrict access to the HTTP RPC interface to trusted networks only.
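The pattern behind this bug, shown from the defender's side as an added example (this is not Lantronix code; the log format and the metacharacter list are assumptions): the auth-failure entry is written with plain file I/O so the username never reaches a shell, and a triage helper flags entries whose username carries shell metacharacters.

```python
import re
import tempfile
from pathlib import Path

# Shell metacharacters. A username carrying any of these in an auth-failure
# entry is a strong signal of an attempt to abuse the unsanitised
# concatenation this advisory describes (constructed heuristic, not a vendor
# or CISA signature).
SHELL_META = re.compile(r"[;&|`$(){}<>\n\\]")

def log_auth_failure_safe(log_path: Path, username: str) -> str:
    """Record a failed login without ever handing the username to a shell.

    The advisory's bug: firmware builds a shell command string that includes
    the username and runs it to write the log. The fix keeps the username as
    data, written with plain file I/O (or passed as a single argv element to
    a helper process, never inside a shell command string).
    """
    # Escape line breaks so a crafted username cannot forge extra log entries.
    entry = "auth failure user=" + username.replace("\r", "\\r").replace("\n", "\\n")
    with log_path.open("a", encoding="utf-8") as fh:
        fh.write(entry + "\n")
    return entry

def suspicious_usernames(log_lines):
    """Triage helper: usernames on auth-failure lines that contain shell
    metacharacters. Assumes the log format written by the function above."""
    hits = []
    for line in log_lines:
        m = re.search(r"auth failure user=(.*)$", line)
        if m and SHELL_META.search(m.group(1)):
            hits.append(m.group(1))
    return hits

def run_demo():
    """Write constructed failures to a temporary log, then triage them."""
    log_path = Path(tempfile.mkdtemp()) / "auth.log"
    for name in ("operator", "svc;uname", "a\nb"):   # constructed inputs
        log_auth_failure_safe(log_path, name)
    lines = log_path.read_text(encoding="utf-8").splitlines()
    return lines, suspicious_usernames(lines)

if __name__ == "__main__":
    lines, hits = run_demo()
    print("\n".join(lines))
    print("flagged:", hits)
```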
Original NVD description (English source)
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.