
CVE-2025-67036 - Vulnerability Analysis

High, CVSS: 8.8

Last Updated: March 12, 2026

Lantronix EDS5000 - Command Injection

Published: March 11, 2026 | Updated: March 12, 2026 | Remote Exploitable

Overview

Lantronix EDS5000 2.1.0.0R3 contains a command injection caused by missing sanitization of the file name parameter in the Log Info page, letting authenticated attackers execute arbitrary OS commands with root privileges.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Authenticated attackers can execute arbitrary OS commands as root, leading to full system compromise.

Mitigation

Update to the latest version with proper input sanitization or apply vendor patches.

Details

CVE ID: CVE-2025-67036
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: new

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H