CVE-2025-67035 | THREATINT

Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.

PUBLISHED Reserved 2025-12-08 | Published 2026-03-11 | Updated 2026-03-12 | Assigner mitre

References

lantronix.com

eds5000.com

www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

cve.org (CVE-2025-67035)

nvd.nist.gov (CVE-2025-67035)

Download JSON