CVE-2025-67037 | THREATINT

Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.

PUBLISHED Reserved 2025-12-08 | Published 2026-03-11 | Updated 2026-03-12 | Assigner mitre

References

lantronix.com

eds5000.com

www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

cve.org (CVE-2025-67037)

nvd.nist.gov (CVE-2025-67037)

Download JSON