CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67034

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.3%

CVSS Severity

CVSS v3 Score 8.8

References

http://eds5000.com
http://lantronix.com
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Products affected by CVE-2025-67034

Lantronix » Eds5008 » Version: N/A

cpe:2.3:h:lantronix:eds5008:-
Lantronix » Eds5016 » Version: N/A

cpe:2.3:h:lantronix:eds5016:-
Lantronix » Eds5032 » Version: N/A

cpe:2.3:h:lantronix:eds5032:-
Lantronix » Eds5008 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0
Lantronix » Eds5016 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0
Lantronix » Eds5032 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67034

Products

Pricing

Contact Us