CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 34.6%

CVSS Severity

CVSS v3 Score 9.8

References

http://eds3000ps.com
http://lantronix.com
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Products affected by CVE-2025-67041

Lantronix » Eds3008ps1ns » Version: N/A

cpe:2.3:h:lantronix:eds3008ps1ns:-
Lantronix » Eds3016ps1ns » Version: N/A

cpe:2.3:h:lantronix:eds3016ps1ns:-
Lantronix » Eds3008ps1ns Firmware » Version: 3.1.0.0r2

cpe:2.3:o:lantronix:eds3008ps1ns_firmware:3.1.0.0r2
Lantronix » Eds3016ps1ns Firmware » Version: 3.1.0.0r2

cpe:2.3:o:lantronix:eds3016ps1ns_firmware:3.1.0.0r2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67041

Products

Pricing

Contact Us