
CISA Flags Actively Exploited Lantronix EDS5000 Vulnerability Allowing Root-Level OS Command Injection

3h ago · 1 min read · en · News

Summary

CVE-2025-67038 is a critical OS command injection vulnerability in Lantronix EDS5000 serial-to-IP device servers, allowing unauthenticated attackers to execute arbitrary commands with root privileges. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, mandating federal agency remediation by June 26. The vulnerability is part of a broader set of 20 serial-to-IP product flaws (BRIDGE:BREAK) disclosed by Forescout, affecting Lantronix and Silex devices. Aviatrix outlined an attack path enabling full device control, lateral movement, and remote C2 channel establishment.

Source

bsky · CISA Flags Actively Exploited Lantronix EDS5000 Vulnerability Allowing Root-Level OS Command Injection · briefly.co

Key quotes

An unauthenticated attacker can inject arbitrary OS commands via a username parameter, executing them with root privileges.
CISA added the flaw to its Known Exploited Vulnerabilities catalog on June 23, requiring federal agencies to remediate by June 26.
Forescout previously disclosed 20 serial-to-IP product vulnerabilities, collectively tracked as BRIDGE:BREAK, affecting Lantronix and Silex and enabling manipulation of sensor readings or disruption via malicious firmware.
Aviatrix outlined an attack path where root code execution yields full device control, lateral movement, and a command-and-control channel for remote management.
Snippet from the RSS feed
CVE-2025-67038 targets Lantronix EDS5000 serial-to-IP device servers used to remotely connect to and manage serial devices. An unauthenticated attacker can inject arbitrary OS commands via a username parameter, executing them with root privileges. CISA ad
