Cyber Resilience

CVE-2025-67041

CriticalRCEUpdated

Published: 11 March 2026

Published
11 March 2026
Modified
23 June 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0043 34.4th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-67041 is a critical-severity OS Command Injection (CWE-78) vulnerability in Lantronix Eds3016Ps1Ns Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-67041 is a critical vulnerability affecting Lantronix EDS3000PS version 3.1.0.0R2. The issue resides in the TFTP client functionality within the Filesystem Browser page, where the host parameter is not properly sanitized. This flaw enables an attacker to escape the intended command context and inject arbitrary operating system commands that execute with root privileges. The vulnerability is associated with CWE-78 (Improper Neutralization of Special Elements used in an OS Command), CWE-288 (Authentication Bypass Using an Alternate Path or Channel), and CWE-620 (Unverified Code), earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants full root-level remote code execution on the affected device, potentially allowing complete compromise including data exfiltration, persistence, lateral movement, or disruption of device operations.

Mitigation guidance is detailed in CISA ICS Advisory ICSA-26-069-02, as well as vendor resources at lantronix.com and eds3000ps.com. Security practitioners should consult these advisories for patching instructions, workarounds, and affected product details.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with…

more

root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Unauthenticated RCE via command injection in public-facing web management interface (Filesystem Browser/TFTP) directly enables T1190; resulting root shell access maps to T1059.004 Unix Shell.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70082Same product: Lantronix Eds3008Ps1Ns
CVE-2025-67039Same product: Lantronix Eds3008Ps1Ns
CVE-2025-67035Same vendor: Lantronix
CVE-2025-67038Same vendor: Lantronix
CVE-2025-67037Same vendor: Lantronix
CVE-2025-67034Same vendor: Lantronix
CVE-2025-67036Same vendor: Lantronix
CVE-2018-25115Shared CWE-78
CVE-2024-57016Shared CWE-78
CVE-2024-46484Shared CWE-78

Affected Assets

lantronix
eds3016ps1ns firmware
3.1.0.0r2
lantronix
eds3008ps1ns firmware
3.1.0.0r2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation and sanitization of the unsanitized 'host' parameter in the TFTP client to block OS command injection exploits.

prevent

Establishes a risk-based process to identify, prioritize, and remediate the specific command injection flaw in Lantronix EDS3000PS.

prevent

Enforces least privilege to restrict the scope of damage from arbitrary root-privilege command execution resulting from the vulnerability.

References