CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.3%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2025-67038

Lantronix » Eds5008 » Version: N/A

cpe:2.3:h:lantronix:eds5008:-
Lantronix » Eds5016 » Version: N/A

cpe:2.3:h:lantronix:eds5016:-
Lantronix » Eds5032 » Version: N/A

cpe:2.3:h:lantronix:eds5032:-
Lantronix » Eds5008 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0
Lantronix » Eds5016 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0
Lantronix » Eds5032 Firmware » Version: 2.1.0.0

cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67038

Products

Pricing

Contact Us