Cyber Resilience

CVE-2025-67039

CriticalUpdated

Published: 11 March 2026

Published
11 March 2026
Modified
23 June 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0039 30.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-67039 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Lantronix Eds3016Ps1Ns Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2025-67039 is an authentication bypass vulnerability in Lantronix EDS3000PS firmware version 3.1.0.0R2. The flaw affects authentication mechanisms on the device's management pages, where attackers can evade login controls by appending a specific suffix to the URL and supplying an Authorization header using "admin" as the username. Published on 2026-03-11, the vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to its network accessibility and high impacts on confidentiality and integrity.

A remote, unauthenticated attacker requires only network access to the affected device to exploit this issue, with low complexity and no need for user interaction. Exploitation grants unauthorized administrative access to the management interface, enabling the attacker to view sensitive configuration data and potentially alter device settings, compromising the confidentiality and integrity of the system without affecting availability.

Advisories including CISA ICSA-26-069-02, along with resources from eds3000ps.com and lantronix.com, provide further details on mitigation strategies and patches for this vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Auth bypass on network-exposed management interface directly enables exploitation of public-facing application for unauthorized admin access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70082Same product: Lantronix Eds3008Ps1Ns
CVE-2025-67041Same product: Lantronix Eds3008Ps1Ns
CVE-2026-44574Shared CWE-288
CVE-2025-2747Shared CWE-288
CVE-2025-69101Shared CWE-288
CVE-2026-2628Shared CWE-288
CVE-2025-64121Shared CWE-288
CVE-2026-22733Shared CWE-288
CVE-2026-44575Shared CWE-288
CVE-2025-50904Shared CWE-288

Affected Assets

lantronix
eds3016ps1ns firmware
3.1.0.0r2
lantronix
eds3008ps1ns firmware
3.1.0.0r2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access, directly preventing authentication bypass via manipulated URLs and authorization headers on management pages.

prevent

Ensures unique identification and authentication of users for management interfaces, mitigating alternate path bypasses that grant unauthorized admin access.

preventrecover

Remediates the specific firmware flaw causing authentication bypass by identifying, reporting, and applying vendor patches promptly.

References