CVE-2025-67036
Published: 11 March 2026
Summary
CVE-2025-67036 is a high-severity Code Injection (CWE-94) vulnerability in Lantronix EDS5032 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 30.1 percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-67036 is a command injection vulnerability (CWE-94) in Lantronix EDS5000 version 2.1.0.0R3, published on 2026-03-11. The flaw affects the Log Info page, which permits users to access log files by specifying their names. Insufficient sanitization of the file name parameter enables injection of arbitrary OS commands executed with root privileges. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for confidentiality, integrity, and availability impacts.
An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Exploitation allows execution of arbitrary OS commands as root, enabling full system compromise, including data exfiltration, modification, or disruption on the affected EDS5000 device.
Advisories providing mitigation guidance, including patches or workarounds, are available from CISA (ICSA-26-069-02) and vendor resources at eds5000.com and lantronix.com. Security practitioners should consult these references promptly for remediation steps tailored to the EDS5000 deployment.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208583
Vulnerability details
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection on the public-facing Log Info page enables remote exploitation (T1190), leading to Unix shell command execution (T1059.004) with escalation to root privileges (T1068).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-10 directly addresses the missing sanitization of the file name parameter by requiring validation of inputs to block command injection attacks.
SI-9 restricts the file name input to only valid log file names, preventing injection of arbitrary OS commands.
SI-2 ensures timely patching of the command injection flaw as recommended in CISA and vendor advisories.
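As an added illustration of the input validation and input restriction controls described above (not Lantronix code and not taken from the advisories), the sketch below shows a log viewer that accepts only names matching an allow-list pattern, requires the name to be an existing file in the log directory, and reads it through file APIs so the name never reaches a shell. The function names, the pattern and the sample log directory are assumptions made for the example.

```python
import os
import re
import tempfile

# Assumed policy: log names are short, start with an alphanumeric character,
# and contain only letters, digits, dot, underscore and hyphen.
LOG_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

class InvalidLogName(ValueError):
    pass

def resolve_log_path(log_dir, name):
    """Return the real path of log `name` inside `log_dir`, or raise."""
    if not isinstance(name, str) or not LOG_NAME_RE.fullmatch(name):
        raise InvalidLogName("name fails the allow-list pattern")
    # Second gate: the name must be a file the device actually exposes.
    if name not in os.listdir(log_dir):
        raise InvalidLogName("not a known log file")
    base = os.path.realpath(log_dir)
    path = os.path.realpath(os.path.join(base, name))
    # Third gate: a symlink inside log_dir must not lead outside it.
    if os.path.dirname(path) != base or not os.path.isfile(path):
        raise InvalidLogName("resolves outside the log directory")
    return path

def read_log(log_dir, name, max_bytes=65536):
    """Read the log with file APIs only; the name never reaches a shell."""
    with open(resolve_log_path(log_dir, name), "rb") as fh:
        return fh.read(max_bytes)

def demo():
    """Run constructed names against a temporary, constructed log directory."""
    results = {}
    names = ["system.log", "system.log; id", "../etc/passwd", "$(id)", "missing.log", ""]
    with tempfile.TemporaryDirectory() as log_dir:
        with open(os.path.join(log_dir, "system.log"), "wb") as fh:
            fh.write(b"boot ok\n")
        for name in names:
            try:
                results[name] = read_log(log_dir, name)
            except InvalidLogName as exc:
                results[name] = "rejected: " + str(exc)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), "->", outcome)
```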