CVE-2025-67035
Published: 11 March 2026
Summary
CVE-2025-67035 is a critical-severity Code Injection (CWE-94) vulnerability in Lantronix Eds5032 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 directly addresses the missing input sanitization by requiring validation mechanisms at web input points to prevent OS command injection.
SI-2 requires identification, reporting, and correction of flaws like this command injection vulnerability through timely patching.
AC-6 enforces least privilege to restrict the scope of arbitrary commands executed with root privileges if injection occurs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote unauthenticated OS command injection on public-facing web interface (SSH config pages) enables T1190 for initial access and T1059.004 for Unix shell command execution as root.
NVD Description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various…
more
objects, such as server keys, users, and known hosts. Commands are executed with root privileges.
Deeper analysisAI
CVE-2025-67035 involves multiple OS command injection vulnerabilities (CWE-94) in Lantronix EDS5000 version 2.1.0.0R3. These flaws affect the SSH Client and SSH Server web pages, stemming from inadequate sanitization of input parameters. Attackers can inject arbitrary commands during delete actions for objects like server keys, users, and known hosts, with the commands executing under root privileges. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
A remote, unauthenticated attacker can exploit this over the network with low attack complexity and no user interaction required. Exploitation allows execution of arbitrary root-level commands, enabling full system compromise, data exfiltration, modification of configurations, or disruption of device operations.
Advisories and patch information are detailed in CISA ICSA-26-069-02, along with resources on lantronix.com and eds5000.com. Security practitioners should review these for vendor-recommended mitigations, such as applying updates or implementing access controls.
Details
- CWE(s)