CVE-2025-67034 | THREATINT

Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.

PUBLISHED Reserved 2025-12-08 | Published 2026-03-11 | Updated 2026-03-12 | Assigner mitre

References

lantronix.com

eds5000.com

www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

cve.org (CVE-2025-67034)

nvd.nist.gov (CVE-2025-67034)

Download JSON