CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

CISA warned that CVE-2025-67038 in Lantronix EDS5000 Series devices is being actively exploited, and FCEB agencies must apply the fix by June 26, 2026. The advisory also highlighted active exploitation of a chain of UniFi OS flaws tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, which can lead to root-level code execution and broader network compromise. #Lantronix #EDS5000 #CVE-2025-67038 #UniFiOS #CVE-2026-34908 #CVE-2026-34909 #CVE-2026-34910

Key points

  • CISA flagged active exploitation of CVE-2025-67038 in Lantronix EDS5000 Series devices.
  • The flaw allows command injection and arbitrary command execution with elevated privileges.
  • Forescout Research Vedere Labs disclosed the issue as part of BRIDGE:BREAK.
  • CISA also confirmed exploitation of three critical UniFi OS vulnerabilities.
  • The UniFi OS chain can enable root access, sensitive file access, and lateral movement.

Read More: https://thehackernews.com/2026/06/cisa-warns-critical-lantronix-eds5000.html