CVE-2025-70082
Published: 11 March 2026
Summary
CVE-2025-70082 is a critical-severity OS Command Injection (CWE-78) vulnerability in Lantronix Eds3016Ps1Ns Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 24.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the CVE by requiring timely identification, reporting, prioritization, and correction of the specific flaw in the ltrx_evo component enabling RCE.
- Prevents exploitation of the OS command injection (CWE-78) by validating and sanitizing untrusted inputs to the vulnerable ltrx_evo component.
- Blocks unauthenticated network access (AV:N/PR:N) required to reach and exploit the ltrx_evo component over the network.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote OS command injection (CWE-78) with auth bypass in a network-exposed device component directly enables T1190 for arbitrary code execution and data access.
NVD Description
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component.
Deeper analysis
CVE-2025-70082 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in Lantronix EDS3000PS version 3.1.0.0R2, specifically within the ltrx_evo component. Published on 2026-03-11, it allows an attacker to execute arbitrary code and obtain sensitive information. The issue is linked to CWE-78 (OS Command Injection), CWE-288 (Authentication Bypass Using an Alternate Path or Channel), and CWE-620 (Unverified Code).
Any unauthenticated attacker with network access can exploit this vulnerability: attack complexity is low, and no privileges or user interaction are required. Successful exploitation enables remote arbitrary code execution, resulting in high-impact compromise of confidentiality, integrity, and availability, potentially leading to full system control and exposure of sensitive data.
Mitigation details are outlined in vendor advisories available at eds3000ps.com and lantronix.com, as well as the CISA ICS Advisory ICSA-26-069-02 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02.
Details
- CWE(s)