Home / Vulnerability Intelligence / CVE-2025-67035

CVE-2025-67035 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 12, 2026

Lantronix EDS5000 - Command Injection

Published: March 11, 2026Updated: March 12, 2026Remote Exploitable

Overview

Lantronix EDS5000 2.1.0.0R3 contains multiple command injection vulnerabilities caused by missing sanitization of input parameters in SSH Client and Server pages, letting attackers execute arbitrary commands with root privileges, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can execute arbitrary commands with root privileges, leading to full system compromise.

Mitigation

Update to the latest version with patches for input sanitization.

References

http://eds5000.com
http://lantronix.com
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-67035
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: new

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H