CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.7%

CVSS Severity

CVSS v3 Score 9.8

References

http://eds3000ps.com
http://lantronix.com
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Products affected by CVE-2025-67041

Lantronix » Eds3008ps1ns » Version: N/A

cpe:2.3:h:lantronix:eds3008ps1ns:-
Lantronix » Eds3016ps1ns » Version: N/A

cpe:2.3:h:lantronix:eds3016ps1ns:-
Lantronix » Eds3008ps1ns Firmware » Version: 3.1.0.0

cpe:2.3:o:lantronix:eds3008ps1ns_firmware:3.1.0.0
Lantronix » Eds3016ps1ns Firmware » Version: 3.1.0.0

cpe:2.3:o:lantronix:eds3016ps1ns_firmware:3.1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67041

Products

Pricing

Contact Us