CVE Catalog

CVE-2025-67039

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

An authentication bypass vulnerability was discovered in Lantronix EDS3000PS version 3.1.0.0R2. By appending a specific suffix to the URL and sending an Authorization header with the username 'admin', an attacker can bypass authentication on management pages.

Risk Assessment

An attacker can gain unauthorized access to the device's administrative panel, potentially leading to full control over the network device and compromising network security.

Recommendation

Immediately update the Lantronix EDS3000PS firmware to the latest available version that addresses this vulnerability. As a temporary measure, restrict access to the management interface to trusted IP addresses only.

Original NVD description (English source)

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS