CVE Catalog

CVE-2025-67041

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile - higher than 27% of all known CVEs

Summary

An issue was discovered in Lantronix EDS3000PS version 3.1.0.0R2 where the host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Risk Assessment

An attacker can remotely execute arbitrary commands with root privileges, leading to full device compromise and potential network security breach.

Recommendation

Immediately update the device firmware to the latest version that fixes this vulnerability and restrict management interface access to trusted networks only.

Original NVD description (English source)

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS