
CVE-2025-67041 - Vulnerability Analysis

Critical, CVSS: 9.8

Last Updated: March 11, 2026

Lantronix EDS3000PS - Command Injection

Published: March 11, 2026
Updated: March 11, 2026
Remote Exploitable

Overview

Lantronix EDS3000PS 3.1.0.0R2 contains a command injection vulnerability caused by improper sanitization of the host parameter in the TFTP client on the Filesystem Browser page. It lets attackers execute arbitrary commands with root privileges. Exploitation requires access to the Filesystem Browser page.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Attackers can execute arbitrary commands with root privileges, leading to full system compromise.

Mitigation

Update to the latest version with proper input sanitization.
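
What input sanitization for a TFTP host parameter can look like, as an added example that is not Lantronix code and is not taken from the firmware: the value is checked against a strict allowlist and then handed to the client as one element of an argument vector instead of being spliced into a shell command line. The function names and the BusyBox-style tftp invocation are assumptions made for illustration.

```python
import ipaddress
import re

# Allowlist for the whole value: only characters that can occur in a
# hostname or an IP literal. Spaces, quotes, ';', '|', '&', '$', '`',
# '%' and newlines never get past this check.
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")
# One RFC 1123 label: 1-63 characters, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_tftp_host(value):
    """Return a canonical host string or raise ValueError (hypothetical helper)."""
    if not isinstance(value, str) or not 0 < len(value) <= 253:
        raise ValueError("host is empty or too long")
    if not _ALLOWED.fullmatch(value):
        raise ValueError("host contains a character outside the allowlist")
    try:
        # IPv4 or IPv6 literal; str() returns the normalised form.
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    labels = value.split(".")
    # A leading '-' would be read as an option by the client, and an
    # all-numeric last label is a malformed IP address, not a hostname.
    if all(_LABEL.fullmatch(l) for l in labels) and not labels[-1].isdigit():
        return value.lower()
    raise ValueError("host is neither an IP literal nor a valid hostname")


def build_tftp_argv(host, remote_name, local_path):
    """Argument vector for a BusyBox-style 'tftp -g' download (assumed CLI)."""
    # A list run without a shell: each element reaches the program as a
    # single argument, so nothing in it is parsed as shell syntax.
    return ["tftp", "-g", "-r", remote_name, "-l", local_path,
            validate_tftp_host(host)]
```

The list returned by build_tftp_argv is meant for subprocess.run(argv, shell=False); the file name and local path need their own path checks, which this example leaves out.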

Details

CVE ID: CVE-2025-67041
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: new

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H