CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.3%

CVSS Severity

CVSS v3 Score 8.8

References

http://eds5000.com
http://lantronix.com
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Products affected by CVE-2025-67037

Lantronix » Eds5008 » Version: N/A

cpe:2.3:h:lantronix:eds5008:-
Lantronix » Eds5016 » Version: N/A

cpe:2.3:h:lantronix:eds5016:-
Lantronix » Eds5032 » Version: N/A

cpe:2.3:h:lantronix:eds5032:-
Lantronix » Eds5008 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0
Lantronix » Eds5016 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0
Lantronix » Eds5032 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67037

Products

Pricing

Contact Us