Exposures › CVE-2025-67038
Lantronix EDS5000 allows attackers to inject arbitrary root OS commands via the username parameter.
This code injection flaw enables remote execution of privileged commands, posing a severe risk to DIB systems relying on industrial Ethernet devices. The vulnerability is actively exploited and linked to ransomware campaigns, making it a critical supply-chain and operational security failure that demands immediate patching and vendor accountability.
Shame score — An actively exploited, root-privilege RCE in an industrial device that is a known supply-chain risk.
Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
No correlated FedRAMP products.