CVE-2025-67038 — Lantronix EDS5000 Code Injection Vulnerability

Description

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

How to fix CVE-2025-67038

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2025-67038 being exploited?

Yes — CVE-2025-67038 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.