Cyber Resilience

CVE-2025-70082

CriticalRCEUpdated

Published: 11 March 2026

Published
11 March 2026
Modified
23 June 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0050 38.7th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-70082 is a critical-severity OS Command Injection (CWE-78) vulnerability in Lantronix Eds3016Ps1Ns Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-70082 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in Lantronix EDS3000PS version 3.1.0.0R2, specifically within the ltrx_evo component. Published on 2026-03-11, it allows an attacker to execute arbitrary code and obtain sensitive information. The issue is linked to CWE-78 (OS Command Injection), CWE-288 (Authentication Bypass Using an Alternate Path or Channel), and CWE-620 (Unverified Code).

Any unauthenticated attacker with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Successful exploitation enables remote arbitrary code execution, resulting in high-impact compromise of confidentiality, integrity, and availability, potentially leading to full system control and exposure of sensitive data.

Mitigation details are outlined in vendor advisories available at eds3000ps.com and lantronix.com, as well as the CISA ICS Advisory ICSA-26-069-02 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote OS command injection (CWE-78) with auth bypass in a network-exposed device component directly enables T1190 for arbitrary code execution and data access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-67041Same product: Lantronix Eds3008Ps1Ns
CVE-2025-67039Same product: Lantronix Eds3008Ps1Ns
CVE-2025-67035Same vendor: Lantronix
CVE-2025-67038Same vendor: Lantronix
CVE-2025-67037Same vendor: Lantronix
CVE-2025-67034Same vendor: Lantronix
CVE-2025-67036Same vendor: Lantronix
CVE-2025-64121Shared CWE-288
CVE-2024-12824Shared CWE-620
CVE-2026-34176Shared CWE-78

Affected Assets

lantronix
eds3016ps1ns firmware
3.1.0.0r2
lantronix
eds3008ps1ns firmware
3.1.0.0r2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely identification, reporting, prioritization, and correction of the specific flaw in the ltrx_evo component enabling RCE.

prevent

Prevents exploitation of the OS command injection (CWE-78) by validating and sanitizing untrusted inputs to the vulnerable ltrx_evo component.

prevent

Blocks unauthenticated network access (AV:N/PR:N) required to reach and exploit the ltrx_evo component over the network.

References