VYPR
Unrated severity · CISA KEV · NVD Advisory · Published Mar 11, 2026 · Updated Mar 12, 2026

CVE-2025-67038

Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write a log entry when a user's authentication fails. The username is concatenated directly into the command without any sanitization. This allows attackers to inject arbitrary OS commands through the username parameter. Injected commands are executed with root privileges.
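
The fix class for the pattern described above, as an added example (not Lantronix code and not taken from the advisory): a failed-login logger that appends to the log with stdio instead of building a shell command, so shell metacharacters in the username stay inert, and that hex-escapes control bytes so a rejected name cannot forge log lines. All function names, MAX_USER and the log line format are assumptions.

```c
/* Added example: hypothetical names, not Lantronix firmware code. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER 64  /* assumed upper bound on username length */

/* Pattern the advisory describes (comment only, never compiled):
 *   snprintf(cmd, sizeof cmd, "echo 'auth failed: %s' >> LOG", user);
 *   system(cmd);   // attacker-controlled text is parsed by /bin/sh as root
 */

/* Allow-list check at the RPC boundary: 1..MAX_USER of [A-Za-z0-9._@-]. */
int username_is_safe(const char *user)
{
    size_t n = strlen(user);
    if (n == 0 || n > MAX_USER) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && !strchr("._@-", c)) return 0;
    }
    return 1;
}

/* Copy user into out, hex-escaping control bytes, quotes and backslashes so
 * a rejected name cannot forge extra log lines. Returns bytes written. */
size_t escape_for_log(const char *user, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (outsz == 0) return 0;
    for (; *user && o + 5 <= outsz; user++) {
        unsigned char c = (unsigned char)*user;
        if (isprint(c) && c != '"' && c != '\\') { out[o++] = (char)c; continue; }
        out[o++] = '\\'; out[o++] = 'x';
        out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
    }
    out[o] = '\0';
    return o;
}

/* Append the failure record with stdio: no shell ever sees the username. */
int log_auth_failure(const char *path, const char *user)
{
    char esc[4 * MAX_USER + 1];
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    escape_for_log(user, esc, sizeof esc);
    int rc = fprintf(f, "auth failure user=\"%s\" allowed_chars=%d\n",
                     esc, username_is_safe(user)) < 0 ? -1 : 0;
    return fclose(f) == 0 ? rc : -1;
}
```

The allow-list result is recorded rather than enforced here so that rejected names still appear in the log for detection; a caller can use `username_is_safe` to reject the request before any further processing.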

Affected products

  • Lantronix/EDS5000 (cpe-rescue, 2 versions)
    • (no CPE)
    • (no CPE) range: =2.1.0.0R3
