The Hacker News ·EN News source
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
CVE Tools coverage
The U.S. CISA has issued an urgent warning that a critical vulnerability in Lantronix EDS5000 Series devices is being actively exploited in the wild. The issue, CVE-2025-67038 (CVSS 9.8), is a code injection weakness that can allow attackers to execute arbitrary commands with elevated/root privileges via the HTTP RPC logging behavior. CISA urged Federal Civilian Executive Branch agencies to apply the available fixes by June 26, 2026, highlighting the risk of full device compromise and potential broader network impact.